Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plug.Static: Add support for preset MIME types #1214

Merged
merged 2 commits into from
Apr 3, 2024
Merged

Plug.Static: Add support for preset MIME types #1214

merged 2 commits into from
Apr 3, 2024

Conversation

TheOneric
Copy link
Contributor

It is not always possible to express custom types as a static filename -> type mapping. Currently Plug.Static will (if the file exists) always overwrite the header and halt the connection making it impossible to preset or later overwrite it based on custom logic before calling Plug.Static.
Thus introduce a new option to preserve whatever Content-Type was set or not set before.

This may for example be useful when serving some user-uploaded files and it’s desired to still allow users to share e.g. CSS or JS snippets but to avoid security risks sanitise the Content-Type header to text/plain and also set X-Content-Type-Options: nosniff.

josevalim
josevalim reviewed Apr 2, 2024
View reviewed changes
lib/plug/static.ex Outdated
@@ -168,6 +175,7 @@ defmodule Plug.Static do
et_generation: Keyword.get(opts, :etag_generation, nil),
headers: Keyword.get(opts, :headers, %{}),
content_types: Keyword.get(opts, :content_types, %{}),
set_content_type: Keyword.get(opts, :set_content_type, true),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of a new option, could we use content_types: false instead?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is a good idea, thanks! Updated the patch to extend content_types

@TheOneric
Add support for preset MIME types
6b8ffe3 
It is not always possible to express custom types with a static
filename -> type mapping. Currently Plug.Static will (if the file
exists) always overwrite the header and halt the connection making it
impossible to preset or later overwrite it based on custom logic.

Thus introduce an opt-out mode to preserve whatever
`Content-Type` was set or not set before.
whatyouhide
whatyouhide reviewed Apr 3, 2024
View reviewed changes
lib/plug/static.ex Outdated Show resolved Hide resolved
lib/plug/static.ex Outdated Show resolved Hide resolved
@josevalim josevalim merged commit eabf0b9 into elixir-plug:main Apr 3, 2024
1 of 2 checks passed
@josevalim
Copy link
Member

💚 💙 💜 💛 ❤️

@TheOneric TheOneric deleted the static_set-content-type branch April 3, 2024 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josevalim josevalim josevalim left review comments

@whatyouhide whatyouhide whatyouhide approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TheOneric @josevalim @whatyouhide