has contents that are not what they are reported to be

[BilalReffas]

Hello I have a problem using paperclip on the google app engine. So it works localy but remote on google cloud. I get an validation error.:(

validates_attachment_content_type :image, :content_type => ["image/jpg", "image/jpeg", "image/png", "image/gif"]

[tute]

Hi @BilalReffas. We need more information to know how to help you on this issue. See https://github.com/norman/yourbugreportneedsmore.info/blob/master/index.html/.

Also, consider asking in StackOverflow, where a bigger community might be able to better help you.

Thanks!

[BilalReffas]

I using the google cloud storage on the development mode everything works fine. But when I want to upload an image in the production. I get this validation error. :(

[tiepviet]

Paperclip 3.5, Rails 4.2.5
when i tried to upload image in production, i got same error message.

[BilalReffas]

@vietntframgia Do you use google cloud in production ? I solve it see the link on stackoverflow.
See my answer http://stackoverflow.com/questions/36240872/paperclip-validation-issue-on-production

[tute]

@BilalReffas I suggest working with the other response, http://stackoverflow.com/a/36241460, as the spoof detection is a security mechanism. Is this a bug in paperclip, you think?

[BilalReffas]

But only my solution works.. The other solution don't work for me..:(

[jasonfb]

can you guys post the BROWSER and OPERATING SYSTEM that you are using to make the upload? It turns out the content-type header is highly dependent on the operating system

[jasonfb]

Here are two different log entries for Chrome submission of a CSV file. One is on Windows, and another on a Mac:

WINDOWS Chrome

2016-04-07T18:19:43.025920+00:00 app[web.1]:   Parameters: {"utf8"=>"✓", "authenticity_token"=>"xidmv33k4SShdW5KuKnSSz5r+k9D+MLUNQFcB2c04qM=", "record"=>{"delete_attachment"=>"true", "attachment"=>#<ActionDispatch::Http::UploadedFile:0x007f9e2293f0b8 @tempfile=#<Tempfile:/tmp/RackMultipart20160407-10-1elodis>, @original_filename="AprilFoolsFollowup_Customers.csv", @content_type="application/octet-stream", @headers="Content-Disposition: form-data; name=\"record[attachment]\"; filename=\"AprilFoolsFollowup_Customers.csv\"\r\nContent-Type: application/octet-stream\r\n">, "type"=>"UserTagImporter", "options"=>{"tag"=>"testtesttest"}}, "commit"=>"Create", "iframe"=>"true"}

MAC OS X Chrome

2016-04-07T18:22:11.403579+00:00 app[web.1]:   Parameters: {"utf8"=>"✓", "authenticity_token"=>"iDa5qy8LlcKv4EqezknZZDzg4Kk3T/4Knc1rbRem2Yg=", "record"=>{"attachment"=>#<ActionDispatch::Http::UploadedFile:0x007f9e183099c8 @tempfile=#<Tempfile:/tmp/RackMultipart20160407-16-1qeh446>, @original_filename="AprilFoolsFollowup_Customers.csv", @content_type="text/csv", @headers="Content-Disposition: form-data; name=\"record[attachment]\"; filename=\"AprilFoolsFollowup_Customers.csv\"\r\nContent-Type: text/csv\r\n">, "type"=>"UserTagImporter", "options"=>{"tag"=>"test1"}}, "commit"=>"Create", "iframe"=>"true"}

As you can see, on Mac, the content_type is set correctly to text/csv. On Windows, I get application/octet-stream

[jasonfb]

The issue for WIndows is describe here: http://stackoverflow.com/questions/1201945/how-is-mime-type-of-an-uploaded-file-determined-by-browser

I would love to find a solution to this... I tried to edit my Windows registry (yes, that is what they tell you must do) and even that didn't work.

So basically, if you're trying to validate a content-type from a Windows machine that is not in the default list of Windows MIME types, you are essentially SOOL. As of now, I have yet to be able to find a work-around to this.

[jasonfb]

basically, because of this issue, I feel that validates_attachment_content_type is essentially useless and you should only be checking file extensions.

[jasonfb]

my issue is slightly unrelated so I will open a new issue

[rpbaltazar]

I kind of have a similar issue. Currently using paperclip 4.3.6.
I'm generating two CSV files on the server side and one of them is identified by paperclip as ASCII Text while the other is identified as a C file.

This is currently happening on MacOSx, and I haven't got yet a log from the server side.

From my understanding, paperclip is running file -b to identify the content type, so I don't really know how to walk around this problem.

[jasonfb]

@rpbaltazar can you examine and report on the Content-Type: that is sent along with the requests

[rpbaltazar]

Not sure if this is what you're looking for, but this is what i'm getting:
Content Type Spoof: Filename contracts_1464234057.json (application/json from Headers, ["application/json"] from Extension), content type discovered from file command: text/x-c. See documentation to allow this combination.

[ssinghi]

@jasonfb @rpbaltazar Getting a similar error.

[paperclip] Content Type Spoof: Filename power_of_number_question.c (application/octet-stream from Headers, ["text/x-c", "text/plain"] from Extension), content type discovered from file command: text/x-c. See documentation to allow this combination.

[jasonfb]

we worked around our problem with

validates_attachment_content_type :attachment,
  :content_type => %w(text/csv application/vnd.ms-excel),
  :message => "invalid content type. If you are on a Windows computer, you must have MS Excell installed to use this uploader"

which is whack but you know so is Windows, so bob's your uncle.

[jasonfb]

@ssinghi you may wish to reference the similar Issue I had opened specific to my bug: #2170

[chamnap]

I can't reproduce this too, but on windows, it does.

[ssinghi]

To reproduce use a client / browser system Windows Vista or XP with Firefox or Chrome.
The uploaded file header will contain 'application/octet-stream', as those systems don't know about the file type in use and will consider it to be binary.

The same error can be reproduced on Windows 8 & 10 as well with Chrome (based on a user report).

[tute]

Closing as duplicate of #1924, as there is no new context here that is not in there.
Thank you for your help.