Use a better content type for attachments created with application/octet-stream
Added by Felix Schäfer over 8 years ago.
Updated over 8 years ago.
Some email clients will always send attachments with a mime-type of
application/octet-stream instead of correctly setting the attachment of the mime-type. We are aware of Outlook 15 showing this behaviour, but it might not be the only one.
This is a problem in the case where the front-end web server behind which Redmine runs sends the
X-Content-Type-Options: nosniff header, which stops the browser from trying to guess the mime type of files the server sends it (this header is set on the Planio platform for security reasons).
This combination leads to thumbnails not being shown:
The attached patch tries to better guess the mime type of attachments incoming via email if the mime-type of the attachment is set to
If this is an acceptable solution, I would also add a migration to try to find a better mime type than
application/octet-stream for existing attachments with that content type.
Any reason to do this in the mail handler and not in the Attachment model? If an image is uploaded via a browser or the API with an incorrect content type, thumbnails and inline images might be broken as well.
We have only observed this for emails, but this can be moved to the model without problem too. I will adapt the patch in consequence.
Or maybe just store the provided content type and guess a better one when a serving a file, just like it's already done when an attachment have a blank content type. No need for a migration each time we change the guess rule.
--- app/controllers/attachments_controller.rb (revision 13994)
+++ app/controllers/attachments_controller.rb (working copy)
@@ -183,7 +183,7 @@
content_type = attachment.content_type
- if content_type.blank?
+ if content_type.blank? || content_type == "application/octet-stream"
content_type = Redmine::MimeType.of(attachment.filename)
This is in fact exactly what we have done for Planio until we had worked out a solution here. I had thought the create-time guessing better as this would have to be done only once for each attachment, but that works well too and avoids additional migrations.
Toshi MARUYAMA wrote:
OpenProject (GPL3) uses another approach of attachment detection.
Sounds a bit overkill to me.
- Tracker changed from Defect to Feature
- Subject changed from Don't trust MUAs to always set the correct mime-type for attachments to Use a better content type for attachments created with application/octet-stream
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 3.0.0
- Resolution set to Fixed
- Status changed from Resolved to Closed
Also available in: Atom