Allow inline PDF files

Allow inline content disposition for PDF files

CHANGELOG

@@ -2,6 +2,10 @@
 
 Formerly known as 'gitlab-git-http-server'.
 
+Next
+
+- Allow inline content disposition for pdf files !446
+
 v 8.17.0
 
 - Add labkit monitoring for build metrics !440

internal/headers/content_headers.go

@@ -15,6 +15,8 @@ var (
 
 	VideoTypeRegex = regexp.MustCompile(`^video/*`)
 
+	PdfTypeRegex = regexp.MustCompile(`application\/pdf`)
+
 	AttachmentRegex = regexp.MustCompile(`^attachment`)
 	InlineRegex     = regexp.MustCompile(`^inline`)
 )
@@ -27,7 +29,7 @@ var forbiddenInlineTypes = []*regexp.Regexp{SvgMimeTypeRegex}
 // allowed type that can't be inlined we must add it to the forbiddenInlineTypes var.
 // One example of this is the mime type "image". We allow all images to be
 // inlined except for SVGs.
-var allowedInlineTypes = []*regexp.Regexp{ImageTypeRegex, TextTypeRegex, VideoTypeRegex}
+var allowedInlineTypes = []*regexp.Regexp{ImageTypeRegex, TextTypeRegex, VideoTypeRegex, PdfTypeRegex}
 
 func SafeContentHeaders(data []byte, contentDisposition string) (string, string) {
 	contentType := safeContentType(data)

internal/senddata/contentprocessor/contentprocessor_test.go

@@ -85,6 +85,12 @@ func TestSetProperContentTypeAndDisposition(t *testing.T) {
 			contentDisposition: "attachment",
 			body:               testhelper.LoadFile(t, "testdata/file.pdf"),
 		},
+		{
+			desc:               "Application type pdf with inline disposition",
+			contentType:        "application/pdf",
+			contentDisposition: "inline",
+			body:               testhelper.LoadFile(t, "testdata/file.pdf"),
+		},
 		{
 			desc:               "Application executable type",
 			contentType:        "application/octet-stream",
@@ -201,7 +207,7 @@ func TestSuccessOverrideContentDispositionFromInlineToAttachment(t *testing.T) {
 	require.Equal(t, "attachment", resp.Header.Get(headers.ContentDispositionHeader))
 }
 
-func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) {
+func TestInlineContentDispositionForPdfFiles(t *testing.T) {
 	testCaseBody := testhelper.LoadFile(t, "testdata/file.pdf")
 
 	h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
@@ -214,6 +220,22 @@ func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) {
 
 	resp := makeRequest(t, h, testCaseBody, "")
 
+	require.Equal(t, "inline", resp.Header.Get(headers.ContentDispositionHeader))
+}
+
+func TestFailOverrideContentDispositionFromAttachmentToInline(t *testing.T) {
+	testCaseBody := testhelper.LoadFile(t, "testdata/image.svg")
+
+	h := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
+		// We are pretending to be upstream or an inner layer of the ResponseWriter chain
+		w.Header().Set(headers.ContentDispositionHeader, "inline")
+		w.Header().Set(headers.GitlabWorkhorseDetectContentTypeHeader, "true")
+		_, err := io.WriteString(w, testCaseBody)
+		require.NoError(t, err)
+	})
+
+	resp := makeRequest(t, h, testCaseBody, "")
+
 	require.Equal(t, "attachment", resp.Header.Get(headers.ContentDispositionHeader))
 }