From 4567650f1e76e851a9efb03cd52f6b81e9e8904f Mon Sep 17 00:00:00 2001
From: Go MAEDA
Date: Mon, 18 Sep 2023 02:35:27 +0000
Subject: Merged r22294 and r22295 from trunk to 4.2-stable (#38417).
git-svn-id: https://svn.redmine.org/redmine/branches/4.2-stable@22297 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/attachments_controller.rb | 7 ++++++-
 app/controllers/repositories_controller.rb | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index d956ac17e..35c8aa5f9 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -89,7 +89,7 @@ class AttachmentsController < ApplicationController
 tbnail,
 :filename => filename_for_content_disposition(@attachment.filename),
 :type => detect_content_type(@attachment, true),
- :disposition => 'inline')
+ :disposition => 'attachment')
 end
 else
 # No thumbnail for the attachment or thumbnail could not be created
@@ -330,4 +330,9 @@ class AttachmentsController < ApplicationController
 request.raw_post
 end
 end
+
+ def send_file(path, options={})
+ headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox"
+ super
+ end
 end
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 60b27e2f2..59f65b3e9 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -432,6 +432,11 @@ class RepositoriesController < ApplicationController
 end
 end
 
+ def send_file(path, options={})
+ headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox"
+ super
+ end
+
 def valid_name?(rev)
 return true if rev.nil?
 return true if REV_PARAM_RE.match?(rev)
--
cgit v1.2.3
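Review bot: The thumbnail response now goes out with `:disposition => 'attachment'`, but nothing at the call site says why, and for an image that pages normally embed this reads like a mistake that a later cleanup could revert. A one-line comment above the `send_file` call would record the intent, for example `# Sent as an attachment so that opening the thumbnail URL directly never renders the file in the application's origin` (presumably the reason, given the content-security-policy header added later in this commit). The diffstat lists only the two controllers, so a functional test asserting the thumbnail's Content-Disposition would keep this from regressing. The enclosing action starts and ends outside the hunk.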
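Review bot: The `send_file` override added at the end of AttachmentsController is repeated, policy string included, in the RepositoriesController hunk of this commit, so the two copies can drift apart when the policy is next changed. Keeping the string in one shared constant, or the override in a module that both controllers include, leaves a single place to audit. The hunk does not show whether this part of the class is under `private`; Rails defines `send_file` as a non-public controller method, and an override in a public section would turn it into a public method of the controller, so the visibility is worth confirming in both files. A comment stating why `style-src 'unsafe-inline'` is allowed in an otherwise deny-all, sandboxed policy would help whoever reviews it next.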
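Review bot: Only `send_file` is wrapped in RepositoriesController, so any response this controller builds with `send_data` would leave without the `content-security-policy` header. The actions that serve repository content are outside the hunk, so this has to be checked against them; if raw file content or diffs are sent with `send_data`, it needs the same treatment, `def send_data(data, options={})` with the identical header assignment followed by `super`. The same question applies to the AttachmentsController override earlier in this commit. A functional test that requests a raw repository file and asserts the header would show which code path is actually covered.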