1. python_mirrors
  2. tracker/rietveld

Commits

Marc-Antoine Ruel  committed 9ab36a1 Draft

Enforce content-disposition=attachment on image urls

Review: http://codereview.appspot.com/5607057/

  • Participants
  • Parent commits da188fb
  • Branches default

Comments (0)

Files changed (1)

File codereview/views.py

View file
  • Ignore whitespace
 @image_required
 def image(request):
   """/<issue>/content/<patchset>/<patch>/<content> - Return patch's content."""
-  return HttpResponse(request.content.data, content_type=request.mime_type)
+  response = HttpResponse(request.content.data, content_type=request.mime_type)
+  filename = re.sub(
+      r'[^\w\.]', '_', response.patch.filename.encode('ascii', 'replace'))
+  response['Content-Disposition'] = 'attachment; filename="%s"' % filename
+  response['Cache-Control'] = 'no-cache, no-store'
+  return response
 
 
 @patch_required