Skip to content

Secure mimetypes #361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LukasReschke merged 5 commits into from
Sep 24, 2015
Merged

Secure mimetypes #361

LukasReschke merged 5 commits into from
Sep 24, 2015

Conversation

@oparoz
Copy link
Contributor

@oparoz oparoz commented Sep 18, 2015

Fix for #347

  1. Always send text/plain for SVG at the download points
  2. Only allow the SVG media type for the preview endpoint in the API if explicitly asked for. All the other preview endpoints will continue to serve image/svg+xml since a preview for a SVG is only asked for if NativeSVG was enabled in the config
  3. Only serve files of the media types we support

@LukasReschke

@oparoz oparoz added this to the 8.2-current milestone Sep 18, 2015
@oparoz oparoz self-assigned this Sep 18, 2015
@oparoz oparoz force-pushed the secure-mimetypes branch 3 times, most recently from 69e2aad to 21df789 Compare September 20, 2015 17:48
@oparoz
Copy link
Contributor Author

oparoz commented Sep 24, 2015

Ping @LukasReschke

@LukasReschke
Copy link
Member

LukasReschke commented Sep 24, 2015

Pong. Let me look at this today 😄

@oparoz
Copy link
Contributor Author

oparoz commented Sep 24, 2015

Thanks! I've rebased the other one, so you can have a look as well :) #308

@LukasReschke
Copy link
Member

LukasReschke commented Sep 24, 2015

👍 - THX!

LukasReschke added a commit that referenced this pull request Sep 24, 2015
@LukasReschke
Merge pull request #361 from owncloud/secure-mimetypes
6e9f11c 
Secure mimetypes
@LukasReschke LukasReschke merged commit 6e9f11c into master Sep 24, 2015
@LukasReschke LukasReschke deleted the secure-mimetypes branch September 24, 2015 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@oparoz oparoz

Labels

security

Projects

None yet

Milestone

8.2

Development

Successfully merging this pull request may close these issues.

3 participants

@oparoz @LukasReschke