• Max Orefice's avatar
    Fix artifact content-type raw endpoint · 1a60a674
    Max Orefice authored
    This commit lets workhorse set the content-type when serving
    artifacts. This prevents an attacker to host a maliciou JavaScript
    payload as an artifact and bypass our CSP.
    
    Changelog: security
    1a60a674
workhorse_spec.rb 17.9 KB