Commit 0a729f28 authored by Felipe Artur's avatar Felipe Artur Committed by Nick Thomas

Allow inline PDF files

Allow inline content disposition for PDF files
parent 0418d8c1
...@@ -2,6 +2,10 @@ ...@@ -2,6 +2,10 @@
Formerly known as 'gitlab-git-http-server'. Formerly known as 'gitlab-git-http-server'.
Next
- Allow inline content disposition for pdf files !446
v 8.17.0 v 8.17.0
- Add labkit monitoring for build metrics !440 - Add labkit monitoring for build metrics !440
......
...@@ -15,6 +15,8 @@ var ( ...@@ -15,6 +15,8 @@ var (
VideoTypeRegex = regexp.MustCompile(`^video/*`) VideoTypeRegex = regexp.MustCompile(`^video/*`)
PdfTypeRegex = regexp.MustCompile(`application\/pdf`)
AttachmentRegex = regexp.MustCompile(`^attachment`) AttachmentRegex = regexp.MustCompile(`^attachment`)
InlineRegex = regexp.MustCompile(`^inline`) InlineRegex = regexp.MustCompile(`^inline`)
) )
...@@ -27,7 +29,7 @@ var forbiddenInlineTypes = []*regexp.Regexp{SvgMimeTypeRegex} ...@@ -27,7 +29,7 @@ var forbiddenInlineTypes = []*regexp.Regexp{SvgMimeTypeRegex}
// allowed type that can't be inlined we must add it to the forbiddenInlineTypes var. // allowed type that can't be inlined we must add it to the forbiddenInlineTypes var.
// One example of this is the mime type "image". We allow all images to be // One example of this is the mime type "image". We allow all images to be
// inlined except for SVGs. // inlined except for SVGs.
var allowedInlineTypes = []*regexp.Regexp{ImageTypeRegex, TextTypeRegex, VideoTypeRegex} var allowedInlineTypes = []*regexp.Regexp{ImageTypeRegex, TextTypeRegex, VideoTypeRegex, PdfTypeRegex}
func SafeContentHeaders(data []byte, contentDisposition string) (string, string) { func SafeContentHeaders(data []byte, contentDisposition string) (string, string) {
contentType := safeContentType(data) contentType := safeContentType(data)
......
...@@ -85,6 +85,12 @@ func TestSetProperContentTypeAndDisposition(t *testing.T) { ...@@ -85,6 +85,12 @@ func TestSetProperContentTypeAndDisposition(t *testing.T) {
contentDisposition: "attachment", contentDisposition: "attachment",
body: testhelper.LoadFile(t, "testdata/file.pdf"), body: testhelper.LoadFile(t, "testdata/file.pdf"),
}, },
{
desc: "Application type pdf with inline disposition",
contentType: "application/pdf",
contentDisposition: "inline",
body: testhelper.LoadFile(t, "testdata/file.pdf"),
},
{ {
desc: "Application executable type", desc: "Application executable type",
contentType: "application/octet-stream", contentType: "application/octet-stream",
...@@ -201,7 +207,7 @@ func TestSuccessOverrideContentDispositionFromInlineToAttachment(t *testing.T) { ...@@ -201,7 +207,7 @@ func TestSuccessOverrideContentDispositionFromInlineToAttachment(t *testing.T) {
require.Equal(t, "attachment", resp.Header.Get(headers.ContentDispositionHeader)) require.Equal(t, "attachment", resp.Header.Get(headers.ContentDispositionHeader))
} }
func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) { func TestInlineContentDispositionForPdfFiles(t *testing.T) {
testCaseBody := testhelper.LoadFile(t, "testdata/file.pdf") testCaseBody := testhelper.LoadFile(t, "testdata/file.pdf")
h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
...@@ -214,6 +220,22 @@ func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) { ...@@ -214,6 +220,22 @@ func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) {
resp := makeRequest(t, h, testCaseBody, "") resp := makeRequest(t, h, testCaseBody, "")
require.Equal(t, "inline", resp.Header.Get(headers.ContentDispositionHeader))
}
func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) {
testCaseBody := testhelper.LoadFile(t, "testdata/image.svg")
h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
// We are pretending to be upstream or an inner layer of the ResponseWriter chain
w.Header().Set(headers.ContentDispositionHeader, "inline")
w.Header().Set(headers.GitlabWorkhorseDetectContentTypeHeader, "true")
_, err := io.WriteString(w, testCaseBody)
require.NoError(t, err)
})
resp := makeRequest(t, h, testCaseBody, "")
require.Equal(t, "attachment", resp.Header.Get(headers.ContentDispositionHeader)) require.Equal(t, "attachment", resp.Header.Get(headers.ContentDispositionHeader))
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment