author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2016-02-24 11:53:30 +0100 |
---|---|---|
committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2016-02-24 11:53:30 +0100 |
commit | cf2c5396e014e54db7a3183380a8ed2b77b2e6e1 (patch) | |
tree | 1dbf75efad1006ff2aff91562e573d29455ec457 /app/controllers/projects/avatars_controller.rb | |
parent | bd71438d6accb61a33b520177aeb92a3614eedb5 (diff) | |
Explain why we mangle blob content typessafe-content-type
Diffstat (limited to 'app/controllers/projects/avatars_controller.rb')
-rw-r--r-- | app/controllers/projects/avatars_controller.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/controllers/projects/avatars_controller.rb b/app/controllers/projects/avatars_controller.rb
index f7e6bb34443..b64dbbd89ce 100644
--- a/app/controllers/projects/avatars_controller.rb
+++ b/app/controllers/projects/avatars_controller.rb
@@ -1,4 +1,6 @@
 class Projects::AvatarsController < Projects::ApplicationController
+ include BlobHelper
+
 before_action :project

 def show
@@ -7,7 +9,7 @@ class Projects::AvatarsController < Projects::ApplicationController
 headers['X-Content-Type-Options'] = 'nosniff'
 headers.store(*Gitlab::Workhorse.send_git_blob(@repository, @blob))
 headers['Content-Disposition'] = 'inline'
- headers['Content-Type'] = @blob.content_type
+ headers['Content-Type'] = safe_content_type(@blob)
 head :ok # 'render nothing: true' messes up the Content-Type
 else
 render_404 |
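Review bot: `include BlobHelper` in the first hunk mixes a whole view helper into the controller only to reach `safe_content_type`, so every other public method of that module becomes a public controller method as well. As far as I know Rails treats public instance methods of a concrete controller as candidate actions, so whether any of them is reachable depends on the routes, which this diff does not show. A narrower dependency would be a small concern that holds only the content-type logic; failing that, a comment on the include such as `# Only for safe_content_type; no other BlobHelper method is meant to be an action` would record the intent.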
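Review bot: `safe_content_type(@blob)` in the second hunk is defined outside this diff, so nothing here shows which types it still lets through on a response sent with `Content-Disposition: inline`. The avatar blob is read from the repository, so its bytes are chosen by whoever can push. If the helper passes image types through unchanged, `image/svg+xml` would presumably still be rendered as active content on the application's origin, and `nosniff` does not change that. It is worth confirming the helper's allow-list and recording the reason at the call site, e.g. `# Blob content is user-controlled: never echo its own Content-Type on an inline response`. The body of `show` starts and ends outside the hunk.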