From 4688d4981a2b9f190b94c0932e8c12e15fd98ebe Mon Sep 17 00:00:00 2001
From: Harrison Healey
Date: Thu, 20 Oct 2016 11:31:15 -0400
Subject: Explicitly set Content-Type field when getting file attachments (#4280)
---
 api/file.go | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)
(limited to 'api/file.go')
diff --git a/api/file.go b/api/file.go
index 58b772003..a71bc71da 100644
--- a/api/file.go
+++ b/api/file.go
@@ -31,7 +31,6 @@ import (
 "github.com/gorilla/mux"
 "github.com/mattermost/platform/model"
 "github.com/mattermost/platform/utils"
- "github.com/mssola/user_agent"
 "github.com/rwcarlsen/goexif/exif"
 _ "golang.org/x/image/bmp"
 )
@@ -315,7 +314,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
 if data, err := ReadFile(info.Path); err != nil {
 c.Err = err
 c.Err.StatusCode = http.StatusNotFound
- } else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+ } else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil {
 c.Err = err
 return
 }
@@ -337,7 +336,7 @@ func getFileThumbnail(c *Context, w http.ResponseWriter, r *http.Request) {
 if data, err := ReadFile(info.ThumbnailPath); err != nil {
 c.Err = err
 c.Err.StatusCode = http.StatusNotFound
- } else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+ } else if err := writeFileResponse(info.Name, "", data, w, r); err != nil {
 c.Err = err
 return
 }
@@ -359,7 +358,7 @@ func getFilePreview(c *Context, w http.ResponseWriter, r *http.Request) {
 if data, err := ReadFile(info.PreviewPath); err != nil {
 c.Err = err
 c.Err.StatusCode = http.StatusNotFound
- } else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+ } else if err := writeFileResponse(info.Name, "", data, w, r); err != nil {
 c.Err = err
 return
 }
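Review bot: In getFileThumbnail the new call passes `""` as the content type, so writeFileResponse deletes the header and the type is left to net/http's detection from the start of the body; getFilePreview in the next hunk does the same. If thumbnails and previews are always written by the server in a single image format (not visible in this diff), passing that type explicitly would make the response independent of sniffing and would let `X-Content-Type-Options: nosniff` be sent on these routes as well. At minimum a comment at both call sites, such as `// "" lets net/http detect the type of the generated image`, would explain the empty argument. Both functions start and end outside their hunks.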
@@ -409,7 +408,7 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { if data, err := ReadFile(info.Path); err != nil { c.Err = err c.Err.StatusCode = http.StatusNotFound - } else if err := writeFileResponse(info.Name, data, w, r); err != nil { + } else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil { c.Err = err return } @@ -507,27 +506,24 @@ func getPublicFileOld(c *Context, w http.ResponseWriter, r *http.Request) { if data, err := ReadFile(info.Path); err != nil { c.Err = err c.Err.StatusCode = http.StatusNotFound - } else if err := writeFileResponse(info.Name, data, w, r); err != nil { + } else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil { c.Err = err return } } -func writeFileResponse(filename string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError { +func writeFileResponse(filename string, contentType string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError { w.Header().Set("Cache-Control", "max-age=2592000, public") w.Header().Set("Content-Length", strconv.Itoa(len(bytes))) - w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer - // attach extra headers to trigger a download on IE, Edge, and Safari - ua := user_agent.New(r.UserAgent()) - bname, _ := ua.Browser() + if contentType != "" { + w.Header().Set("Content-Type", contentType) + } else { + w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer + } w.Header().Set("Content-Disposition", "attachment;filename=\""+filename+"\"") - if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" { - w.Header().Set("Content-Type", "application/octet-stream") - } - // prevent file links from being embedded in iframes w.Header().Set("X-Frame-Options", "DENY") w.Header().Set("Content-Security-Policy", "Frame-ancestors 'none'") -- cgit v1.2.3-1-g7c22
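Review bot: writeFileResponse now sends whatever `contentType` it is given, and getFile, getPublicFile and getPublicFileOld pass `info.MimeType` through unchecked; if that field is derived from the upload (its origin is not visible in this diff), a stored file can be served from the application's origin labelled `text/html` or `image/svg+xml`, with `Content-Disposition: attachment` as the only thing keeping it from rendering. The removed branch forced `application/octet-stream` for IE, Edge and Safari, so those clients lose that fallback. I would add `w.Header().Set("X-Content-Type-Options", "nosniff")` beside the other headers and substitute `application/octet-stream` for script-capable types before the `Set("Content-Type", contentType)` call. Separately, the unchanged `Content-Disposition` line concatenates `filename` unescaped, so a `"` in the name can alter the header's parameters; `mime.FormatMediaType("attachment", map[string]string{"filename": filename})` would quote it. The rest of writeFileResponse lies outside the hunk.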