Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attached files are rendered as text #18312

Closed
nmagedman opened this issue Jul 20, 2020 · 2 comments · Fixed by #30427
Closed

Attached files are rendered as text #18312

nmagedman opened this issue Jul 20, 2020 · 2 comments · Fixed by #30427
Labels
stat: triaged Issue reviewed and properly tagged

Comments

@nmagedman
Copy link
Contributor

Description:

PR #16232 introduced a BREAKING CHANGE even though it was labelled as a bugfix.
That PR adds the HTTP header x-content-type-options: nosniff which is a good security move, however it breaks installations that do not yet set the Content-Type. Had it been labelled a BREAKING CHANGE, I could have ensured that we were setting our MIME types properly before upgrading.

Steps to reproduce:

  1. Upload an image to a chat room (or find a pre-existing one)
  2. Click on the image title (not the image itself).
  3. The image will load in a new tab.

Expected behavior:

The image to be displayed properly in the new browser tab.

Actual behavior:

The contents of the image file are displayed as plain text. e.g. a PNG file is displayed as

‰PNG
�
���
IHDR�������_�����
...

Server Setup Information:

  • Version of Rocket.Chat Server: 3.4.2
  • Operating System: Linux
  • Deployment Method: tar
  • Number of Running Instances: 15
  • DB Replicaset Oplog: enabled
  • NodeJS Version: 12.16.1
  • MongoDB Version: 4.0.18

Client Setup Information

  • Desktop App or Browser Version: Chrome 83.0.4103.116
  • Operating System: MacOS Catalina 10.15.5
@github-actions
Copy link
Contributor

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stat: stale Stale issues will be automatically closed if no activity label Sep 18, 2020
@rodrigok rodrigok reopened this Oct 20, 2020
@rodrigok rodrigok added Triaged and removed stat: stale Stale issues will be automatically closed if no activity labels Oct 20, 2020
@milton-rucks
Copy link

@rodrigok , I believe we can close this one. @damian-centrone tested and now it's working fine.

@ggazzo ggazzo closed this as completed Sep 23, 2021
@tassoevan tassoevan added stat: triaged Issue reviewed and properly tagged and removed Triaged labels Oct 27, 2022
@nmagedman nmagedman mentioned this issue Sep 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stat: triaged Issue reviewed and properly tagged
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Improve FileProxy Handling, set Content-Type nmagedman/Rocket.Chat
5 participants
@rodrigok @nmagedman @tassoevan @ggazzo @milton-rucks