Actions
Feature #19131
closed
Use a better content type for attachments created with application/octet-stream
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Fixed
Description
Some email clients will always send attachments with a mime-type of application/octet-stream instead of correctly setting the attachment of the mime-type. We are aware of Outlook 15 showing this behaviour, but it might not be the only one.
This is a problem in the case where the front-end web server behind which Redmine runs sends the X-Content-Type-Options: nosniff header, which stops the browser from trying to guess the mime type of files the server sends it (this header is set on the Planio platform for security reasons).
- Redmine blindly trusts the mime-type set by the email client source:/branches/2.6-stable/app/models/mail_handler.rb#L276
- This mime-type gets stored to the DB
- And is served back as the Content-Type of the corresponding thumbnail source:/branches/2.6-stable/app/controllers/attachments_controller.rb#L63
- The browser tries to fetch the thumbnail but gets a file with the Content-Type set to
application/octet-stream, which isn't considered an image and a broken link/broken image is shown.
Files
Updated by 
Updated by Toshi MARUYAMA
Updated by Jean-Philippe Lang about 10 years ago
- Tracker changed from Defect to Feature
- Subject changed from Don't trust MUAs to always set the correct mime-type for attachments to Use a better content type for attachments created with application/octet-stream
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 3.0.0
- Resolution set to Fixed
Actions