Add header for attachment disposition only once

Recent refactorings have resulted in the header being added twice, this makes browsers ignore the header which removes any security gains.

This changeset adds the header only once and adds integration tests ensuring the correct header in future.

https://github.com/owncloud/core/issues/22577

1 files changed, 0 insertions, 13 deletions

diff --git a/apps/dav/lib/server.php b/apps/dav/lib/server.php
index 74be318fe5e..377f76fd501 100644
--- a/apps/dav/lib/server.php
+++ b/apps/dav/lib/server.php
@@ -114,19 +114,6 @@ class Server {
 			$this->server->addPlugin(new \OCA\DAV\Connector\Sabre\FakeLockerPlugin());
 		}
 
-		// Serve all files with an Content-Disposition of type "attachment"
-		$this->server->on('beforeMethod', function (RequestInterface $requestInterface, ResponseInterface $responseInterface) {
-			if ($requestInterface->getMethod() === 'GET') {
-				$path = $requestInterface->getPath();
-				if ($this->server->tree->nodeExists($path)) {
-					$node = $this->server->tree->getNodeForPath($path);
-					if (($node instanceof IFile)) {
-						$responseInterface->addHeader('Content-Disposition', 'attachment');
-					}
-				}
-			}
-		});
-
 		// wait with registering these until auth is handled and the filesystem is setup
 		$this->server->on('beforeMethod', function () {
 			// custom properties plugin must be the last one