Project

General

Profile

Actions

Feature #19131

closed

Use a better content type for attachments created with application/octet-stream

Added by Felix Schäfer almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Normal
Category:
Email receiving
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

Some email clients will always send attachments with a mime-type of application/octet-stream instead of correctly setting the attachment of the mime-type. We are aware of Outlook 15 showing this behaviour, but it might not be the only one.

This is a problem in the case where the front-end web server behind which Redmine runs sends the X-Content-Type-Options: nosniff header, which stops the browser from trying to guess the mime type of files the server sends it (this header is set on the Planio platform for security reasons).

This combination leads to thumbnails not being shown:

Files

19131.patch (18.6 KB) 19131.patch Felix Schäfer, 2015-02-18 20:58
Actions #1

Updated by Felix Schäfer almost 10 years ago

The attached patch tries to better guess the mime type of attachments incoming via email if the mime-type of the attachment is set to application/octet-stream.

If this is an acceptable solution, I would also add a migration to try to find a better mime type than application/octet-stream for existing attachments with that content type.

Actions #2

Updated by Jean-Philippe Lang almost 10 years ago

Any reason to do this in the mail handler and not in the Attachment model? If an image is uploaded via a browser or the API with an incorrect content type, thumbnails and inline images might be broken as well.

Actions #3

Updated by Felix Schäfer almost 10 years ago

We have only observed this for emails, but this can be moved to the model without problem too. I will adapt the patch in consequence.

Actions #4

Updated by Jean-Philippe Lang almost 10 years ago

Or maybe just store the provided content type and guess a better one when a serving a file, just like it's already done when an attachment have a blank content type. No need for a migration each time we change the guess rule.

Actions #5

Updated by Jean-Philippe Lang almost 10 years ago

Index: app/controllers/attachments_controller.rb
===================================================================
--- app/controllers/attachments_controller.rb    (revision 13994)
+++ app/controllers/attachments_controller.rb    (working copy)
@@ -183,7 +183,7 @@

   def detect_content_type(attachment)
     content_type = attachment.content_type
-    if content_type.blank?
+    if content_type.blank? || content_type == "application/octet-stream" 
       content_type = Redmine::MimeType.of(attachment.filename)
     end
     content_type.to_s

Actions #6

Updated by Felix Schäfer almost 10 years ago

This is in fact exactly what we have done for Planio until we had worked out a solution here. I had thought the create-time guessing better as this would have to be done only once for each attachment, but that works well too and avoids additional migrations.

Actions #7

Updated by Toshi MARUYAMA almost 10 years ago

OpenProject (GPL3) uses another approach of attachment detection.
https://github.com/opf/openproject/commit/fb096b0c86eec9bf49612ef6c8768000c3099841

Actions #8

Updated by Jean-Philippe Lang almost 10 years ago

Toshi MARUYAMA wrote:

OpenProject (GPL3) uses another approach of attachment detection.

Sounds a bit overkill to me.

Actions #9

Updated by Jean-Philippe Lang almost 10 years ago

  • Tracker changed from Defect to Feature
  • Subject changed from Don't trust MUAs to always set the correct mime-type for attachments to Use a better content type for attachments created with application/octet-stream
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 3.0.0
  • Resolution set to Fixed

Change committed in r14034.

Actions #10

Updated by Jean-Philippe Lang almost 10 years ago

  • Status changed from Resolved to Closed
Actions #11

Updated by Felix Schäfer almost 10 years ago

Thanks!

Actions

Also available in: Atom PDF