plik
Wrong Content-Type header for SVG images
When serving SVG files, the plik server sets:
Content-Type: text/xml; charset=utf-8
Tested on Firefox 86.0.1; the invalid content type prevents proper display of transparency and probably more elements of SVG files.
Content type should be set to "image/svg+xml" https://www.w3.org/TR/SVG11/mimereg.html
Thanks for reporting that. The library we use might be unable to properly detect those files.
Yup, that's the case https://github.com/golang/go/issues/47492
The funny thing is that the MIME type is properly set in the DB when the upload is created through the web GUI (the browser sends the file type in the request body):
POST /upload
{"ttl":2592000,"files":[{"fileName":"zabawka.svg","fileType":"image/svg+xml","fileSize":13243,"reference":"0"}]}
However, when the actual file is sent later, the file type gets detected using net/http.DetectContentType and the DB entry is overwritten with the wrong fileType:
POST /file/<t1>/<t2>/zabawka.svg
Plik uses the golang HTTP MIME sniffer to resolve content types: https://golang.org/pkg/net/http/#DetectContentType
This is a security measure to avoid the possibility of setting fake content types (img -> exe). The client library may send the fileType as useful debug info.
https://github.com/root-gg/plik/issues/172
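One way to reconcile the two points in this thread, as an added example (not plik's code): keep the sniffer authoritative and refine its text/xml or text/plain answer to image/svg+xml only when the uploaded bytes themselves parse as an SVG document. `resolveContentType`, `rootIsSVG` and the sample SVG are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"encoding/xml"
	"fmt"
	"net/http"
	"strings"
)

const svgNS = "http://www.w3.org/2000/svg"

// Constructed sample input, not a file from the issue.
var sampleSVG = []byte(`<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <rect width="10" height="10" fill-opacity="0.5"/>
</svg>`)

// rootIsSVG reports whether the first element of the document is <svg>
// in the SVG namespace. Anything that fails to parse is not SVG.
func rootIsSVG(data []byte) bool {
	dec := xml.NewDecoder(bytes.NewReader(data))
	for {
		tok, err := dec.Token()
		if err != nil {
			return false
		}
		if se, ok := tok.(xml.StartElement); ok {
			return se.Name.Local == "svg" && se.Name.Space == svgNS
		}
	}
}

// resolveContentType (hypothetical helper) never consults the
// client-declared fileType. It starts from the sniffer's result and
// upgrades a generic text answer only when the content is really SVG.
func resolveContentType(data []byte) string {
	sniffed := http.DetectContentType(data)
	generic := strings.HasPrefix(sniffed, "text/xml") ||
		strings.HasPrefix(sniffed, "text/plain")
	if generic && rootIsSVG(data) {
		return "image/svg+xml"
	}
	return sniffed
}

func main() {
	fmt.Println("sniffed: ", http.DetectContentType(sampleSVG))
	fmt.Println("resolved:", resolveContentType(sampleSVG))
}
```

SVG can carry script, so a server that starts labelling uploads as image/svg+xml should also decide how they are served, for example as attachments or under a restrictive Content-Security-Policy.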