Skip to content

Serve raw files with the correct content types #15299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Serve raw files with the correct content types #15299

wants to merge 1 commit into from

Conversation

tslocum
Copy link

@tslocum tslocum commented Apr 6, 2021

Resolves #8152.

This is an alternative implementation to the existing PR for this issue.

@silverwind
Copy link
Member

I think this should be optional and default off for the sake of security. See #8152 (comment).

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Apr 6, 2021
silverwind
silverwind reviewed Apr 6, 2021
View reviewed changes
@tslocum
Copy link
Author

tslocum commented Apr 6, 2021

Thanks @silverwind. PR updated.

@silverwind silverwind added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Apr 7, 2021
@tslocum
Serve raw files with the correct content types
c6fc6ed 
Resolves go-gitea#8152.

Signed-off-by: Trevor Slocum <trevor@rocketnine.space>
@silverwind silverwind mentioned this pull request Apr 14, 2021
Merged
@silverwind
Copy link
Member

See #8152 (comment) for a better suggestion.

@tslocum
Copy link
Author

tslocum commented Apr 14, 2021

While I can see merit in your suggestion, the changes in this PR could be explicitly enabled by users via a configuration option (as you originally suggested), with a warning stating the potential security implications. It would also coexist with custom content types when they are implemented (i.e., check custom content types before detecting a file's content type).

Closing because the scope of the solution has grown beyond my interest.

@tslocum tslocum closed this Apr 14, 2021
@go-gitea go-gitea locked and limited conversation to collaborators Jun 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@silverwind silverwind silverwind left review comments

Assignees
No one assigned
Labels
lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[API] Provide correct MIME type when getting a raw text file
3 participants
@tslocum @silverwind @GiteaBot