When serving output files, intelligently determine the appropriate content-type.

cherry pick 6fa3fda3ed28239cf3ac9720629f9707663aa197 from datajoy.
2015-09-21 14:04:08 +01:00
parent d83efdbc98
commit 29be2dc700
3 changed files with 79 additions and 5 deletions
--- a/app.coffee
+++ b/app.coffee
@@ -3,6 +3,7 @@ Settings = require "settings-sharelatex"
 logger = require "logger-sharelatex"
 logger.initialize("clsi")
 smokeTest = require "smoke-test-sharelatex"
+ContentTypeMapper = require "./app/js/ContentTypeMapper"

 Path = require "path"
 fs = require "fs"
@@ -46,17 +47,13 @@ ForbidSymlinks = require "./app/js/StaticServerForbidSymlinks"
 # and serving the files
 staticServer = ForbidSymlinks express.static, Settings.path.compilesDir, setHeaders: (res, path, stat) ->
 	if Path.basename(path) == "output.pdf"
-		res.set("Content-Type", "application/pdf")
 		# Calculate an etag in the same way as nginx
 		# https://github.com/tj/send/issues/65
 		etag = (path, stat) ->
 			'"' + Math.ceil(+stat.mtime / 1000).toString(16) +
 			'-' + Number(stat.size).toString(16) + '"'
 		res.set("Etag", etag(path, stat))
-	else
-		# Force plain treatment of other file types to prevent hosting of HTTP/JS files
-		# that could be used in same-origin/XSS attacks.
-		res.set("Content-Type", "text/plain")
+	res.set("Content-Type", ContentTypeMapper.map(path))

 app.get "/project/:project_id/output/*", (req, res, next) ->
 	if req.query?.build? && req.query.build.match(OutputCacheManager.BUILD_REGEX)