Merge branch 'safe-content-type' into 'master'

Explain why we mangle blob content types Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/9079 See merge request !2956
author: Douwe Maan <douwe@gitlab.com> 2016-03-01 13:39:26 +0000
committer: Douwe Maan <douwe@gitlab.com> 2016-03-01 13:39:26 +0000
commit: fac1e0e83c6abcca5238bd94fe10261e3bff6257 (patch)
tree: 0627de8430fd514c1fbf3005fd580db5ef4f17b9 /app/controllers
parent: 7d41e4dc9d3365c68f7e54b545fd115e8455eae5 (diff)
parent: cf2c5396e014e54db7a3183380a8ed2b77b2e6e1 (diff)
download: gitlab-ce-fac1e0e83c6abcca5238bd94fe10261e3bff6257.tar.gz
2 files changed, 5 insertions, 12 deletions
diff --git a/app/controllers/projects/avatars_controller.rb b/app/controllers/projects/avatars_controller.rb
index f7e6bb34443..b64dbbd89ce 100644
--- a/app/controllers/projects/avatars_controller.rb
+++ b/app/controllers/projects/avatars_controller.rb
@@ -1,4 +1,6 @@
 class Projects::AvatarsController < Projects::ApplicationController
+  include BlobHelper
+
   before_action :project
 
   def show
@@ -7,7 +9,7 @@ class Projects::AvatarsController < Projects::ApplicationController
       headers['X-Content-Type-Options'] = 'nosniff'
       headers.store(*Gitlab::Workhorse.send_git_blob(@repository, @blob))
       headers['Content-Disposition'] = 'inline'
-      headers['Content-Type'] = @blob.content_type
+      headers['Content-Type'] = safe_content_type(@blob)
       head :ok # 'render nothing: true' messes up the Content-Type
     else
       render_404
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 87b4d08da0e..d9723acb1d9 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -1,6 +1,7 @@
 # Controller for viewing a file's raw
 class Projects::RawController < Projects::ApplicationController
   include ExtractsPath
+  include BlobHelper
 
   before_action :require_non_empty_project
   before_action :assign_ref_vars
@@ -17,7 +18,7 @@ class Projects::RawController < Projects::ApplicationController
       else
         headers.store(*Gitlab::Workhorse.send_git_blob(@repository, @blob))
         headers['Content-Disposition'] = 'inline'
-        headers['Content-Type'] = get_blob_type
+        headers['Content-Type'] = safe_content_type(@blob)
         head :ok # 'render nothing: true' messes up the Content-Type
       end
     else
@@ -27,16 +28,6 @@ class Projects::RawController < Projects::ApplicationController
 
   private
 
-  def get_blob_type
-    if @blob.text?
-      'text/plain; charset=utf-8'
-    elsif @blob.image?
-      @blob.content_type
-    else
-      'application/octet-stream'
-    end
-  end
-
   def send_lfs_object
     lfs_object = find_lfs_object
author	Douwe Maan <douwe@gitlab.com>	2016-03-01 13:39:26 +0000
committer	Douwe Maan <douwe@gitlab.com>	2016-03-01 13:39:26 +0000
commit	fac1e0e83c6abcca5238bd94fe10261e3bff6257 (patch)
tree	0627de8430fd514c1fbf3005fd580db5ef4f17b9 /app/controllers
parent	7d41e4dc9d3365c68f7e54b545fd115e8455eae5 (diff)
parent	cf2c5396e014e54db7a3183380a8ed2b77b2e6e1 (diff)
download	gitlab-ce-fac1e0e83c6abcca5238bd94fe10261e3bff6257.tar.gz