Commit 877a0cc2 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'fj-55882-fix-files-api-content-disposition' into 'master'

Fix files/blob api endpoint content disposition

Closes #55882

See merge request gitlab-org/gitlab-ce!24267
parents 0bbdbd55 40887a94
---
title: Fix files/blob api endpoints content disposition
merge_request: 24267
author:
type: fixed
...@@ -496,7 +496,11 @@ module API ...@@ -496,7 +496,11 @@ module API
def send_git_blob(repository, blob) def send_git_blob(repository, blob)
env['api.format'] = :txt env['api.format'] = :txt
content_type 'text/plain' content_type 'text/plain'
header['Content-Disposition'] = content_disposition('attachment', blob.name) header['Content-Disposition'] = content_disposition('inline', blob.name)
# Let Workhorse examine the content and determine the better content disposition
header[Gitlab::Workhorse::DETECT_HEADER] = "true"
header(*Gitlab::Workhorse.send_git_blob(repository, blob)) header(*Gitlab::Workhorse.send_git_blob(repository, blob))
end end
......
...@@ -150,7 +150,6 @@ describe API::Helpers do ...@@ -150,7 +150,6 @@ describe API::Helpers do
end end
describe '#send_git_blob' do describe '#send_git_blob' do
context 'content disposition' do
let(:repository) { double } let(:repository) { double }
let(:blob) { double(name: 'foobar') } let(:blob) { double(name: 'foobar') }
...@@ -165,17 +164,22 @@ describe API::Helpers do ...@@ -165,17 +164,22 @@ describe API::Helpers do
allow(Gitlab::Workhorse).to receive(:send_git_blob) allow(Gitlab::Workhorse).to receive(:send_git_blob)
end end
it 'sets Gitlab::Workhorse::DETECT_HEADER header' do
expect(send_git_blob[Gitlab::Workhorse::DETECT_HEADER]).to eq "true"
end
context 'content disposition' do
context 'when blob name is null' do context 'when blob name is null' do
let(:blob) { double(name: nil) } let(:blob) { double(name: nil) }
it 'returns only the disposition' do it 'returns only the disposition' do
expect(send_git_blob['Content-Disposition']).to eq 'attachment' expect(send_git_blob['Content-Disposition']).to eq 'inline'
end end
end end
context 'when blob name is not null' do context 'when blob name is not null' do
it 'returns disposition with the blob name' do it 'returns disposition with the blob name' do
expect(send_git_blob['Content-Disposition']).to eq 'attachment; filename="foobar"' expect(send_git_blob['Content-Disposition']).to eq 'inline; filename="foobar"'
end end
end end
end end
......
...@@ -183,14 +183,15 @@ describe API::Files do ...@@ -183,14 +183,15 @@ describe API::Files do
get api(url, current_user), params: params get api(url, current_user), params: params
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(headers[Gitlab::Workhorse::DETECT_HEADER]).to eq "true"
end end
it 'forces attachment content disposition' do it 'sets inline content disposition by default' do
url = route(file_path) + "/raw" url = route(file_path) + "/raw"
get api(url, current_user), params: params get api(url, current_user), params: params
expect(headers['Content-Disposition']).to eq('attachment; filename="popen.rb"') expect(headers['Content-Disposition']).to eq('inline; filename="popen.rb"')
end end
context 'when mandatory params are not given' do context 'when mandatory params are not given' do
......
...@@ -166,12 +166,13 @@ describe API::Repositories do ...@@ -166,12 +166,13 @@ describe API::Repositories do
get api(route, current_user) get api(route, current_user)
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
expect(headers[Gitlab::Workhorse::DETECT_HEADER]).to eq "true"
end end
it 'forces attachment content disposition' do it 'sets inline content disposition by default' do
get api(route, current_user) get api(route, current_user)
expect(headers['Content-Disposition']).to eq 'attachment' expect(headers['Content-Disposition']).to eq 'inline'
end end
context 'when sha does not exist' do context 'when sha does not exist' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment