Fix raw endpoint PDF file headers (#19825) (#19826)

diff --git a/modules/typesniffer/typesniffer.go b/modules/typesniffer/typesniffer.go
index 9e29b3557c4ac6b4ab4da55f506dca7c2a4d73fc..3cfbd923193ae98b5a97e08a67e506e777d2773a 100644 (file)
--- a/modules/typesniffer/typesniffer.go
+++ b/modules/typesniffer/typesniffer.go
@@ -17,8 +17,12 @@ import (
 // Use at most this many bytes to determine Content Type.
 const sniffLen = 1024
 
-// SvgMimeType MIME type of SVG images.
-const SvgMimeType = "image/svg+xml"
+const (
+       // SvgMimeType MIME type of SVG images.
+       SvgMimeType = "image/svg+xml"
+       // ApplicationOctetStream MIME type of binary files.
+       ApplicationOctetStream = "application/octet-stream"
+)
 
 var svgTagRegex = regexp.MustCompile(`(?si)\A\s*(?:(<!--.*?-->|<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg[\s>\/]`)
 var svgTagInXMLRegex = regexp.MustCompile(`(?si)\A<\?xml\b.*?\?>\s*(?:(<!--.*?-->|<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg[\s>\/]`)

diff --git a/routers/common/repo.go b/routers/common/repo.go
index b0e14b63f542c5c36a3a37701fcb2771201ae7d2..1e9076a1988e6247fe710584226ebc61063ccd51 100644 (file)
--- a/routers/common/repo.go
+++ b/routers/common/repo.go
@@ -87,10 +87,14 @@ func ServeData(ctx *context.Context, name string, size int64, reader io.Reader)
                }
                if (st.IsImage() || st.IsPDF()) && (setting.UI.SVG.Enabled || !st.IsSvgImage()) {
                        ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
-                       if st.IsSvgImage() {
+                       if st.IsSvgImage() || st.IsPDF() {
                                ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
                                ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff")
-                               ctx.Resp.Header().Set("Content-Type", typesniffer.SvgMimeType)
+                               if st.IsSvgImage() {
+                                       ctx.Resp.Header().Set("Content-Type", typesniffer.SvgMimeType)
+                               } else {
+                                       ctx.Resp.Header().Set("Content-Type", typesniffer.ApplicationOctetStream)
+                               }
                        }
                } else {
                        ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, name))