mirror of
https://github.com/zulip/zulip.git
synced 2026-06-30 21:11:04 +08:00
Similar to the previous commit, Django was responsible for setting the Content-Disposition based on the filename, whereas the Content-Type was set by nginx based on the filename. This difference is not exploitable, as even if they somehow disagreed with Django's expected Content-Type, nginx will only ever respond with Content-Types found in `uploads.types` -- none of which are unsafe for user-supplied content. However, for consistency, have Django provide both Content-Type and Content-Disposition headers.

| Name |
|---|
| zulip |
| zulip_ops |
| deps.yaml |