diff options
| author | George Claghorn <george.claghorn@gmail.com> | 2018-10-08 11:21:13 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-10-08 11:21:13 -0400 |
| commit | b4578c8b7fafddfb86b6ebe64ae34e6281d4160d (patch) | |
| tree | c4aac1f37428506d839e42f696ee87b9820f1fcd /activestorage | |
| parent | d4127a014c110faa9c4611244f01f4320616a49b (diff) | |
| parent | bba5ecc923bbc8a635913c1101188163cb9699be (diff) | |
| download | rails-b4578c8b7fafddfb86b6ebe64ae34e6281d4160d.tar.gz rails-b4578c8b7fafddfb86b6ebe64ae34e6281d4160d.tar.bz2 rails-b4578c8b7fafddfb86b6ebe64ae34e6281d4160d.zip | |
Fix directly uploading using a MIME type synonym
When Content-Type is "application/x-gzip", request.content_type resolves to "application/gzip", because application/x-gzip is a synonym of application/gzip by default. This causes the acceptable_content? check in ActiveStorage::DiskController to fail, because the direct upload token contains application/x-gzip, which is not equal to application/gzip.
Fix by comparing the token content type with the request content type *and its synonyms*.
Diffstat (limited to 'activestorage')
| -rw-r--r-- | activestorage/app/controllers/active_storage/disk_controller.rb | 2 | ||||
| -rw-r--r-- | activestorage/test/controllers/disk_controller_test.rb | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/activestorage/app/controllers/active_storage/disk_controller.rb b/activestorage/app/controllers/active_storage/disk_controller.rb index 7bd641ab9a..99982202dd 100644 --- a/activestorage/app/controllers/active_storage/disk_controller.rb +++ b/activestorage/app/controllers/active_storage/disk_controller.rb @@ -61,6 +61,6 @@ class ActiveStorage::DiskController < ActiveStorage::BaseController end def acceptable_content?(token) - token[:content_type] == request.content_type && token[:content_length] == request.content_length + token[:content_type] == request.content_mime_type && token[:content_length] == request.content_length end end diff --git a/activestorage/test/controllers/disk_controller_test.rb b/activestorage/test/controllers/disk_controller_test.rb index 4bc61d13f3..7b5e989699 100644 --- a/activestorage/test/controllers/disk_controller_test.rb +++ b/activestorage/test/controllers/disk_controller_test.rb @@ -67,6 +67,16 @@ class ActiveStorage::DiskControllerTest < ActionDispatch::IntegrationTest assert_not blob.service.exist?(blob.key) end + test "directly uploading blob with different but equivalent content type" do + data = "Something else entirely!" + blob = create_blob_before_direct_upload( + byte_size: data.size, checksum: Digest::MD5.base64digest(data), content_type: "application/x-gzip") + + put blob.service_url_for_direct_upload, params: data, headers: { "Content-Type" => "application/x-gzip" } + assert_response :no_content + assert_equal data, blob.download + end + test "directly uploading blob with mismatched content length" do data = "Something else entirely!" blob = create_blob_before_direct_upload byte_size: data.size - 1, checksum: Digest::MD5.base64digest(data) |