diff options
| author | George Claghorn <george.claghorn@gmail.com> | 2018-10-08 11:21:13 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-10-08 11:21:13 -0400 |
| commit | b4578c8b7fafddfb86b6ebe64ae34e6281d4160d (patch) | |
| tree | c4aac1f37428506d839e42f696ee87b9820f1fcd /activestorage/app | |
| parent | d4127a014c110faa9c4611244f01f4320616a49b (diff) | |
| parent | bba5ecc923bbc8a635913c1101188163cb9699be (diff) | |
| download | rails-b4578c8b7fafddfb86b6ebe64ae34e6281d4160d.tar.gz rails-b4578c8b7fafddfb86b6ebe64ae34e6281d4160d.tar.bz2 rails-b4578c8b7fafddfb86b6ebe64ae34e6281d4160d.zip | |
Fix directly uploading using a MIME type synonym
When Content-Type is "application/x-gzip", request.content_type resolves to "application/gzip", because application/x-gzip is a synonym of application/gzip by default. This causes the acceptable_content? check in ActiveStorage::DiskController to fail, because the direct upload token contains application/x-gzip, which is not equal to application/gzip.
Fix by comparing the token content type with the request content type *and its synonyms*.
Diffstat (limited to 'activestorage/app')
| -rw-r--r-- | activestorage/app/controllers/active_storage/disk_controller.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb index 7bd641ab9a..99982202dd 100644 --- a/activestorage/app/controllers/active_storage/disk_controller.rb +++ b/activestorage/app/controllers/active_storage/disk_controller.rb @@ -61,6 +61,6 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController end def acceptable_content?(token) - token[:content_type] == request.content_type && token[:content_length] == request.content_length + token[:content_type] == request.content_mime_type && token[:content_length] == request.content_length end end |