gitlab.com/gitlab-org/gitlab-foss.git
author: Francisco Javier López <fjlopez@gitlab.com> 2018-12-07 00:22:39 +0300
committer: Nick Thomas <nick@gitlab.com> 2018-12-07 00:22:39 +0300
commit: cf8b8ff99b26d0a1f90be289cea08344bb8baff6
tree: 1dfbc129a7be2e2d15ce9343045275fdcdce3be3 /app/helpers/blob_helper.rb
parent: c3bbad762d418857e3f5b52222f5eedd62663229
Add feature flag for workhorse content type calculation
Diffstat (limited to 'app/helpers/blob_helper.rb')
-rw-r--r-- app/helpers/blob_helper.rb | 4
1 file changed, 4 insertions, 0 deletions
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 638744a1426..bd42f00944f 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -140,6 +140,8 @@ module BlobHelper
Gitlab::Sanitizers::SVG.clean(data)
end
+ # Remove once https://gitlab.com/gitlab-org/gitlab-ce/issues/36103 is closed
+ # and :workhorse_set_content_type flag is removed
# If we blindly set the 'real' content type when serving a Git blob we
# are enabling XSS attacks. An attacker could upload e.g. a Javascript
# file to a Git repository, trick the browser of a victim into
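Review bot: the two added comment lines at the top of this hunk are a removal reminder without a greppable marker and without naming the code they guard; this file's diff is comments only (4 insertions, 0 deletions), so nothing here shows where `:workhorse_set_content_type` is actually read. Suggest a `# TODO:` prefix and a pointer to the guarded code, for example `# TODO: remove the content-type override below once https://gitlab.com/gitlab-org/gitlab-ce/issues/36103 is closed` followed by `# and the :workhorse_set_content_type feature flag is removed`, keeping the existing XSS rationale beneath it, since that rationale is what explains why serving the real content type inline is dangerous.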
@@ -161,6 +163,8 @@ module BlobHelper
end
def content_disposition(blob, inline)
+ # Remove the following line when https://gitlab.com/gitlab-org/gitlab-ce/issues/36103
+ # is closed and :workhorse_set_content_type flag is removed
return 'attachment' if blob.extension == 'svg'
inline ? 'inline' : 'attachment'
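Review bot: the comment above `return 'attachment' if blob.extension == 'svg'` says when to delete the line but not what deleting it does; that line is a security guard rather than cleanup, because it forces a download for SVG regardless of the `inline` argument, and a cleanup that follows the comment literally re-enables inline SVG rendering unless the Workhorse path guarantees a non-executable content type for SVG. Suggest saying so, e.g. `# Forces SVG to download so an attacker-uploaded SVG cannot run script inline;` and `# remove only once Workhorse sets a safe Content-Type (:workhorse_set_content_type)`, and confirm that `blob.extension` is normalised to lowercase so that a `.SVG` path is still caught by the `== 'svg'` comparison.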