set content-disposition to attachment instead of inline

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-05-05 15:06:11 -04:00 committed by June
parent 42e3567153
commit 43c4dfc5df
2 changed files with 8 additions and 6 deletions

View file

@ -130,7 +130,7 @@ pub(crate) async fn create_content_route(
mxc.clone(), mxc.clone(),
body.filename body.filename
.as_ref() .as_ref()
.map(|filename| "inline; filename=".to_owned() + filename) .map(|filename| format!("attachment; filename={filename}"))
.as_deref(), .as_deref(),
body.content_type.as_deref(), body.content_type.as_deref(),
&body.file, &body.file,
@ -173,15 +173,16 @@ pub(crate) async fn get_content_route(body: Ruma<get_content::v3::Request>) -> R
let mxc = format!("mxc://{}/{}", body.server_name, body.media_id); let mxc = format!("mxc://{}/{}", body.server_name, body.media_id);
if let Some(FileMeta { if let Some(FileMeta {
content_disposition,
content_type, content_type,
file, file,
..
}) = services().media.get(mxc.clone()).await? }) = services().media.get(mxc.clone()).await?
{ {
// TODO: safely sanitise filename to be included in the content-disposition
Ok(get_content::v3::Response { Ok(get_content::v3::Response {
file, file,
content_type, content_type,
content_disposition, content_disposition: Some("attachment".to_owned()),
cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()),
}) })
@ -243,7 +244,7 @@ pub(crate) async fn get_content_as_filename_route(
Ok(get_content_as_filename::v3::Response { Ok(get_content_as_filename::v3::Response {
file, file,
content_type, content_type,
content_disposition: Some(format!("inline; filename={}", body.filename)), content_disposition: Some("attachment".to_owned()),
cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()), cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()),
}) })
@ -258,7 +259,7 @@ pub(crate) async fn get_content_as_filename_route(
.await .await
{ {
Ok(remote_content_response) => Ok(get_content_as_filename::v3::Response { Ok(remote_content_response) => Ok(get_content_as_filename::v3::Response {
content_disposition: Some(format!("inline: filename={}", body.filename)), content_disposition: Some("attachment".to_owned()),
content_type: remote_content_response.content_type, content_type: remote_content_response.content_type,
file: remote_content_response.file, file: remote_content_response.file,
cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()), cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
@ -434,7 +435,7 @@ async fn get_remote_content(
.create( .create(
None, None,
mxc.to_owned(), mxc.to_owned(),
content_response.content_disposition.as_deref(), Some("attachment"),
content_response.content_type.as_deref(), content_response.content_type.as_deref(),
&content_response.file, &content_response.file,
) )

View file

@ -16,6 +16,7 @@ use crate::{services, utils, Error, Result};
#[derive(Debug)] #[derive(Debug)]
pub(crate) struct FileMeta { pub(crate) struct FileMeta {
#[allow(dead_code)]
pub(crate) content_disposition: Option<String>, pub(crate) content_disposition: Option<String>,
pub(crate) content_type: Option<String>, pub(crate) content_type: Option<String>,
pub(crate) file: Vec<u8>, pub(crate) file: Vec<u8>,