Skip to content

Commit

Permalink
Fixed improper implementation of content type (#501)
Browse files Browse the repository at this point in the history
* Fixed improper implementation of content type

Add text/plain content type if metadata.ContentType is unable to determine the content type of the file

* Update server/handlers.go

Co-authored-by: Farhan Khursheed <41877347+blind-intruder@users.noreply.github.com>

* Update handlers.go

let's trim space

* Update handlers.go

Co-authored-by: Andrea Spacca <andrea.spacca@gmail.com>
  • Loading branch information
blind-intruder and aspacca committed Aug 20, 2022
1 parent 343427d commit 31ad4e0
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions server/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -1034,6 +1034,13 @@ func (s *Server) getHandler(w http.ResponseWriter, r *http.Request) {

if action == "inline" {
disposition = "inline"
/*
metadata.ContentType is unable to determine the type of the content,
So add text/plain in this case to fix XSS related issues/
*/
if strings.TrimSpace(contentType) == "" {
contentType = "text/plain"
}
} else {
disposition = "attachment"
}
Expand Down

0 comments on commit 31ad4e0

Please sign in to comment.