Feature #33902
closed
Server-Handler for GIF
0%
Description
All images were downloaded from the browser, not only .GIF, but also .gif, .png, etc.
A method in Redmine had to be overwritten.
I am publishing something here for the first time, please be lenient.
I also hope that the patch file I have created is correct. (attachments_controller.rb edited)
Updated by Bernhard Rohloff about 4 years ago
First of all thank you for your contribution. Every patch counts. :-)
This area of Redmine is a dark spot on my map. I have read the description but I have no clue what the issue is about, or what this patch does. Could you describe it to me on a specific use case? If I do this, then Redmine should do that.
It would also help to choose a category for the improvement. Is this patch related to issue tracking?
You also mention that the attachments_controller.rb was edited, but I cannot find it in your patch.
Updated by der gl0wn about 4 years ago
Hi Bernhard Ganslmeier Rohloff,
guess you could say that.
In our company we did not want the images to be downloaded automatically, but rather open them in the browser.
I think I messed up something with the patch itself, the disposition method is overwritten with the patch.
Updated by Go MAEDA about 4 years ago
The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.
Updated by Go MAEDA about 4 years ago
- Status changed from New to Closed
- Resolution set to Wont fix
Go MAEDA wrote:
The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.
Closing this issue.
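
The trade-off discussed in this thread, as an added example that is not Redmine's code and not part of any comment above: a response-header policy that shows well-known raster images inline and forces a download for everything else. It assumes the risk being mitigated is active content (for example SVG or HTML) rendered inline from the application's origin; `sniff_raster_type` and `response_headers` are hypothetical names, and the sample inputs are constructed.

```ruby
# Added example (hypothetical helper names, not Redmine's implementation).
# Only raster formats recognised by their leading bytes may be shown inline.
RASTER_MAGIC = {
  'image/png'  => "\x89PNG\r\n\x1A\n".b,
  'image/gif'  => 'GIF8'.b,
  'image/jpeg' => "\xFF\xD8\xFF".b
}.freeze

# Returns the raster MIME type detected from the file content, or nil.
# The file name and its extension (.GIF, .gif, .png ...) are never trusted.
def sniff_raster_type(bytes)
  head = bytes.b
  RASTER_MAGIC.each { |type, magic| return type if head.start_with?(magic) }
  nil
end

# Builds the headers for serving an uploaded file.
def response_headers(filename, bytes)
  type = sniff_raster_type(bytes)
  # Keep only the base name and a conservative character set in the header.
  safe_name = File.basename(filename).gsub(/[^\w.\-]/, '_')
  disposition = type ? 'inline' : 'attachment'
  {
    # Unknown content is served as opaque bytes so it is never rendered.
    'Content-Type' => type || 'application/octet-stream',
    'Content-Disposition' => "#{disposition}; filename=\"#{safe_name}\"",
    # Stops the browser from second-guessing the declared type.
    'X-Content-Type-Options' => 'nosniff'
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed samples: a real GIF header, and markup uploaded as "photo.png".
  gif = 'GIF89a'.b + "\x00\x00".b
  svg = '<svg xmlns="http://www.w3.org/2000/svg"><script></script></svg>'
  puts response_headers('logo.GIF', gif)
  puts response_headers('photo.png', svg)
end
```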