mirror of https://github.com/zulip/zulip.git
23894fc9a3
Similar to the previous commit, Django was responsible for setting the Content-Disposition based on the filename, whereas the Content-Type was set by nginx based on the filename. This difference is not exploitable, as even if they somehow disagreed with Django's expected Content-Type, nginx will only ever respond with Content-Types found in `uploads.types` -- none of which are unsafe for user-supplied content. However, for consistency, have Django provide both Content-Type and Content-Disposition headers. |
||
|---|---|---|
| .. | ||
| files | ||
| lib/puppet | ||
| manifests | ||
| templates | ||