
Repository: gitlab.com/gitlab-org/gitlab-foss.git
author    Francisco Javier López <fjlopez@gitlab.com>  2018-12-19 14:51:07 +0300
committer Francisco Javier López <fjlopez@gitlab.com>  2018-12-19 15:05:44 +0300
commit    33e595567115f508ff069ee4927e10eae49e87a1
tree      0d841ec2a2d0c60a3093eef4975db640a5aed863 /app/helpers/blob_helper.rb
parent    ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa
Removing workhorse_set_content_type feature flag
Removing workhorse_set_content_type feature flag introduced in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22667
Diffstat (limited to 'app/helpers/blob_helper.rb')
-rw-r--r--  app/helpers/blob_helper.rb  30
1 files changed, 0 insertions, 30 deletions
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index bd42f00944f..4c8e1b209c0 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -140,36 +140,6 @@ module BlobHelper
Gitlab::Sanitizers::SVG.clean(data)
end
- # Remove once https://gitlab.com/gitlab-org/gitlab-ce/issues/36103 is closed
- # and :workhorse_set_content_type flag is removed
- # If we blindly set the 'real' content type when serving a Git blob we
- # are enabling XSS attacks. An attacker could upload e.g. a Javascript
- # file to a Git repository, trick the browser of a victim into
- # downloading the blob, and then the 'application/javascript' content
- # type would tell the browser to execute the attacker's Javascript. By
- # overriding the content type and setting it to 'text/plain' (in the
- # example of Javascript) we tell the browser of the victim not to
- # execute untrusted data.
- def safe_content_type(blob)
- if blob.extension == 'svg'
- blob.mime_type
- elsif blob.text?
- 'text/plain; charset=utf-8'
- elsif blob.image?
- blob.content_type
- else
- 'application/octet-stream'
- end
- end
-
- def content_disposition(blob, inline)
- # Remove the following line when https://gitlab.com/gitlab-org/gitlab-ce/issues/36103
- # is closed and :workhorse_set_content_type flag is removed
- return 'attachment' if blob.extension == 'svg'
-
- inline ? 'inline' : 'attachment'
- end
-
def ref_project
@ref_project ||= @target_project || @project
end
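Review bot: This hunk removes the Rails-side XSS defence for served blobs without the commit message saying where the equivalent control now lives. The deleted `safe_content_type` forced `text/plain; charset=utf-8` for text blobs and `application/octet-stream` for anything unrecognised, and the deleted `content_disposition` forced `attachment` for SVG; the deleted comment spells out why ("If we blindly set the 'real' content type when serving a Git blob we are enabling XSS attacks"). The subject line only says the `workhorse_set_content_type` flag is being removed, so please state in the commit message that Workhorse now sets the content type and disposition unconditionally, and link the change that enforces it, so a reader of this diff can verify the defence was moved rather than dropped. Two follow-up checks: the comment being deleted says "Remove once https://gitlab.com/gitlab-org/gitlab-ce/issues/36103 is closed", so confirm that issue is actually closed; and since the diffstat shows 0 insertions and only this file changed, confirm there are no remaining callers of `safe_content_type` or `content_disposition` elsewhere (views or other helpers), as any that remain would now raise `NoMethodError` at request time.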