[
https://issues.apache.org/jira/browse/OFBIZ-6702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991822#comment-14991822 ]
Gareth Carter commented on OFBIZ-6702:
--------------------------------------
Patch seems to work.
May have found a slight security issue with this (could have been in the links in previous comments), if a html file is stored in DataResource, the the mime type would be text/html. This causes the html to be rendered as a web page rather than viewed as text in the browser window. My suggestion would be return text/plain or application/octet-stream for uploaded html files, this would cause either download or viewing the html contents if inline was set
> Update SimpleContentViewHandler to return mime type on file extension and use inline for content-disposition
> ------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-6702
> URL:
https://issues.apache.org/jira/browse/OFBIZ-6702> Project: OFBiz
> Issue Type: Improvement
> Components: content
> Affects Versions: Trunk
> Reporter: Gareth Carter
> Assignee: Jacques Le Roux
> Priority: Trivial
> Attachments: ContentDisposition.patch, OFBIZ-6702.patch, SimpleContentViewHandler.java.patch
>
>
> SimpleContentViewHandler will return mime type 'text/html' for all DataResource values without a specified mimeTypeId. Changing to DataResourceWorker.getMimeType will allow determining the mimeTypeId by file extension
> Fixing the mime type will allow the browsers to display content inline if UtilHttp is updated aswell. All unknown extensions will be set to octet-stream causing the browser to prompt for download
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Locked
