diff options
author | Douwe Maan <douwe@gitlab.com> | 2016-03-01 13:39:26 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2016-03-01 13:39:26 +0000 |
commit | fac1e0e83c6abcca5238bd94fe10261e3bff6257 (patch) | |
tree | 0627de8430fd514c1fbf3005fd580db5ef4f17b9 /app/controllers | |
parent | 7d41e4dc9d3365c68f7e54b545fd115e8455eae5 (diff) | |
parent | cf2c5396e014e54db7a3183380a8ed2b77b2e6e1 (diff) | |
download | gitlab-ce-fac1e0e83c6abcca5238bd94fe10261e3bff6257.tar.gz |
Merge branch 'safe-content-type' into 'master'
Explain why we mangle blob content types
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/9079
See merge request !2956
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/projects/avatars_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/raw_controller.rb | 13 |
2 files changed, 5 insertions, 12 deletions
diff --git a/app/controllers/projects/avatars_controller.rb b/app/controllers/projects/avatars_controller.rb index f7e6bb34443..b64dbbd89ce 100644 --- a/app/controllers/projects/avatars_controller.rb +++ b/app/controllers/projects/avatars_controller.rb @@ -1,4 +1,6 @@ class Projects::AvatarsController < Projects::ApplicationController + include BlobHelper + before_action :project def show @@ -7,7 +9,7 @@ class Projects::AvatarsController < Projects::ApplicationController headers['X-Content-Type-Options'] = 'nosniff' headers.store(*Gitlab::Workhorse.send_git_blob(@repository, @blob)) headers['Content-Disposition'] = 'inline' - headers['Content-Type'] = @blob.content_type + headers['Content-Type'] = safe_content_type(@blob) head :ok # 'render nothing: true' messes up the Content-Type else render_404 diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb index 87b4d08da0e..d9723acb1d9 100644 --- a/app/controllers/projects/raw_controller.rb +++ b/app/controllers/projects/raw_controller.rb @@ -1,6 +1,7 @@ # Controller for viewing a file's raw class Projects::RawController < Projects::ApplicationController include ExtractsPath + include BlobHelper before_action :require_non_empty_project before_action :assign_ref_vars @@ -17,7 +18,7 @@ class Projects::RawController < Projects::ApplicationController else headers.store(*Gitlab::Workhorse.send_git_blob(@repository, @blob)) headers['Content-Disposition'] = 'inline' - headers['Content-Type'] = get_blob_type + headers['Content-Type'] = safe_content_type(@blob) head :ok # 'render nothing: true' messes up the Content-Type end else @@ -27,16 +28,6 @@ class Projects::RawController < Projects::ApplicationController private - def get_blob_type - if @blob.text? - 'text/plain; charset=utf-8' - elsif @blob.image? - @blob.content_type - else - 'application/octet-stream' - end - end - def send_lfs_object lfs_object = find_lfs_object |