Feature #33902
closed
Added by der gl0wn about 4 years ago.
Updated about 4 years ago.
Description
All images were downloaded from the browser, not only .GIF, but also .gif, .png, etc.
A method in Redmine had to be overwritten.
I am publishing something here for the first time, please be lenient.
I also hope that the patch file I have created is correct. (attachments_controller.rb edited)
First of all thank you for your contribution. Every patch counts. :-)
This area of Redmine is a dark spot on my map. I have read the description but I have no clue what the issue is about, or what this patch does. Could you describe it to me on a specific use case? If I do this, then Redmine should do that.
It would also help to choose a category for the improvement. Is this patch related to issue tracking?
You also mention that the attachments_controller.rb was edited, but I cannot find it in your patch.
Hi Bernhard Ganslmeier Rohloff,
guess you could say that.
In our company we did not want the images to be downloaded automatically, but rather open them in the browser.
I think I messed up something with the patch itself, the disposition method is overwritten with the patch.
The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.
- Category set to Attachments
- Status changed from New to Closed
- Resolution set to Wont fix
Go MAEDA wrote:
The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.
Closing this issue.