|
|
@@ -3,6 +3,7 @@ import { ErrorV3 } from '@growi/core/dist/models';
|
|
|
import { SupportedAction } from '~/interfaces/activity';
|
|
|
import { generateAddActivityMiddleware } from '~/server/middlewares/add-activity';
|
|
|
import { configManager } from '~/server/service/config-manager';
|
|
|
+import { strictMimeTypeSettings, laxMimeTypeSettings } from '~/server/service/file-uploader/utils/security';
|
|
|
import loggerFactory from '~/utils/logger';
|
|
|
|
|
|
const logger = loggerFactory('growi:routes:apiv3:content-disposition-settings');
|
|
|
@@ -42,78 +43,10 @@ module.exports = (crowi) => {
|
|
|
*/
|
|
|
router.get('/', loginRequiredStrictly, adminRequired, async(req, res) => {
|
|
|
try {
|
|
|
+ const currentDispositionSettings = configManager.getConfig('attachments:contentDisposition:mimeTypeOverrides');
|
|
|
+ const contentDispositionSettings: Record<string, 'inline' | 'attachment'> = currentDispositionSettings;
|
|
|
|
|
|
- const mimeTypeDefaults = configManager.getConfig('attachments:contentDisposition:mimeTypeOverrides');
|
|
|
- const contentDispositionSettings: Record<string, 'inline' | 'attachment'> = mimeTypeDefaults;
|
|
|
- let currentMode: string;
|
|
|
-
|
|
|
- const strictMimeTypeSettings: Record<string, 'inline' | 'attachment'> = {
|
|
|
- // Documents
|
|
|
- 'application/pdf': 'attachment',
|
|
|
- 'application/json': 'attachment',
|
|
|
- 'text/plain': 'attachment',
|
|
|
- 'text/csv': 'attachment',
|
|
|
- 'text/html': 'attachment',
|
|
|
-
|
|
|
- // Images
|
|
|
- 'image/jpeg': 'attachment',
|
|
|
- 'image/png': 'attachment',
|
|
|
- 'image/gif': 'attachment',
|
|
|
- 'image/webp': 'attachment',
|
|
|
- 'image/svg+xml': 'attachment',
|
|
|
-
|
|
|
- // Audio and Video
|
|
|
- 'audio/mpeg': 'attachment',
|
|
|
- 'video/mp4': 'attachment',
|
|
|
- 'video/webm': 'attachment',
|
|
|
-
|
|
|
- // Fonts
|
|
|
- 'font/woff2': 'attachment',
|
|
|
- 'font/woff': 'attachment',
|
|
|
- 'font/ttf': 'attachment',
|
|
|
- 'font/otf': 'attachment',
|
|
|
- };
|
|
|
-
|
|
|
- const laxMimeTypeSettings: Record<string, 'inline' | 'attachment'> = {
|
|
|
- // Documents
|
|
|
- 'application/pdf': 'inline',
|
|
|
- 'application/json': 'inline',
|
|
|
- 'text/plain': 'inline',
|
|
|
- 'text/csv': 'inline',
|
|
|
- 'text/html': 'attachment',
|
|
|
-
|
|
|
- // Images
|
|
|
- 'image/jpeg': 'inline',
|
|
|
- 'image/png': 'inline',
|
|
|
- 'image/gif': 'inline',
|
|
|
- 'image/webp': 'inline',
|
|
|
- 'image/svg+xml': 'attachment',
|
|
|
-
|
|
|
- // Audio and Video
|
|
|
- 'audio/mpeg': 'inline',
|
|
|
- 'video/mp4': 'inline',
|
|
|
- 'video/webm': 'inline',
|
|
|
-
|
|
|
- // Fonts
|
|
|
- 'font/woff2': 'inline',
|
|
|
- 'font/woff': 'inline',
|
|
|
- 'font/ttf': 'inline',
|
|
|
- 'font/otf': 'inline',
|
|
|
- };
|
|
|
-
|
|
|
- if (JSON.stringify(contentDispositionSettings) === JSON.stringify(strictMimeTypeSettings)) {
|
|
|
- currentMode = 'strict';
|
|
|
- }
|
|
|
-
|
|
|
- else if (JSON.stringify(contentDispositionSettings) === JSON.stringify(laxMimeTypeSettings)) {
|
|
|
- currentMode = 'lax';
|
|
|
- }
|
|
|
-
|
|
|
- else {
|
|
|
- currentMode = 'custom';
|
|
|
- }
|
|
|
-
|
|
|
- return res.apiv3({ currentMode, contentDispositionSettings });
|
|
|
+ return res.apiv3({ contentDispositionSettings });
|
|
|
}
|
|
|
catch (err) {
|
|
|
logger.error('Error retrieving content disposition settings:', err);
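Review bot: The added GET body reads the config into `currentDispositionSettings` and then re-binds it as `contentDispositionSettings` with a `Record<string, 'inline' | 'attachment'>` annotation. That annotation is only a compile-time label: nothing checks that the stored overrides exist, or that each value is one of the two dispositions, before `res.apiv3({ contentDispositionSettings })` returns them. One binding is enough, and if `getConfig` can return undefined for an unset key (not visible from this hunk), a fallback keeps the response shape stable: `const contentDispositionSettings: Record<string, 'inline' | 'attachment'> = configManager.getConfig('attachments:contentDisposition:mimeTypeOverrides') ?? {};`. Since `currentMode` is no longer in the payload, whichever caller now derives strict/lax/custom should compare against the shared presets key by key rather than with the key-order-sensitive `JSON.stringify` equality that was removed. The handler's catch block continues past the end of the hunk.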
|
|
|
@@ -153,33 +86,6 @@ module.exports = (crowi) => {
|
|
|
async(req, res) => {
|
|
|
|
|
|
try {
|
|
|
- const strictMimeTypeSettings: Record<string, 'inline' | 'attachment'> = {
|
|
|
- // Documents
|
|
|
- 'application/pdf': 'attachment',
|
|
|
- 'application/json': 'attachment',
|
|
|
- 'text/plain': 'attachment',
|
|
|
- 'text/csv': 'attachment',
|
|
|
- 'text/html': 'attachment',
|
|
|
-
|
|
|
- // Images
|
|
|
- 'image/jpeg': 'attachment',
|
|
|
- 'image/png': 'attachment',
|
|
|
- 'image/gif': 'attachment',
|
|
|
- 'image/webp': 'attachment',
|
|
|
- 'image/svg+xml': 'attachment',
|
|
|
-
|
|
|
- // Audio and Video
|
|
|
- 'audio/mpeg': 'attachment',
|
|
|
- 'video/mp4': 'attachment',
|
|
|
- 'video/webm': 'attachment',
|
|
|
-
|
|
|
- // Fonts
|
|
|
- 'font/woff2': 'attachment',
|
|
|
- 'font/woff': 'attachment',
|
|
|
- 'font/ttf': 'attachment',
|
|
|
- 'font/otf': 'attachment',
|
|
|
- };
|
|
|
-
|
|
|
await configManager.updateConfigs({ 'attachments:contentDisposition:mimeTypeOverrides': strictMimeTypeSettings });
|
|
|
|
|
|
const parameters = {
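Review bot: `strictMimeTypeSettings` is now a single imported object shared by every request and passed by reference to `configManager.updateConfigs`, where the removed code built a fresh literal on each call. The same applies to `laxMimeTypeSettings` in the lax handler's hunk that follows. If anything downstream mutates the object it receives (not visible from here), the preset changes for the whole process, and in the lax preset that would include the `text/html` and `image/svg+xml` entries, which the removed lax literal set to `attachment` while most other types were `inline`. Consider freezing the presets where they are defined, or passing a copy at the call site: `await configManager.updateConfigs({ 'attachments:contentDisposition:mimeTypeOverrides': { ...strictMimeTypeSettings } });`. The handler starts before this hunk and continues after it.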
|
|
|
@@ -233,33 +139,6 @@ module.exports = (crowi) => {
|
|
|
async(req, res) => {
|
|
|
|
|
|
try {
|
|
|
- const laxMimeTypeSettings: Record<string, 'inline' | 'attachment'> = {
|
|
|
- // Documents
|
|
|
- 'application/pdf': 'inline',
|
|
|
- 'application/json': 'inline',
|
|
|
- 'text/plain': 'inline',
|
|
|
- 'text/csv': 'inline',
|
|
|
- 'text/html': 'attachment',
|
|
|
-
|
|
|
- // Images
|
|
|
- 'image/jpeg': 'inline',
|
|
|
- 'image/png': 'inline',
|
|
|
- 'image/gif': 'inline',
|
|
|
- 'image/webp': 'inline',
|
|
|
- 'image/svg+xml': 'attachment',
|
|
|
-
|
|
|
- // Audio and Video
|
|
|
- 'audio/mpeg': 'inline',
|
|
|
- 'video/mp4': 'inline',
|
|
|
- 'video/webm': 'inline',
|
|
|
-
|
|
|
- // Fonts
|
|
|
- 'font/woff2': 'inline',
|
|
|
- 'font/woff': 'inline',
|
|
|
- 'font/ttf': 'inline',
|
|
|
- 'font/otf': 'inline',
|
|
|
- };
|
|
|
-
|
|
|
await configManager.updateConfigs({ 'attachments:contentDisposition:mimeTypeOverrides': laxMimeTypeSettings });
|
|
|
|
|
|
const parameters = {
|