author | Rafael França <rafael@franca.dev> | 2019-07-24 15:45:17 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-24 15:45:17 -0400 |
commit | 8013cc02cb8f372324e7383d05862048aa8292d9 (patch) | |
tree | 9cc6700354af1b4d5d22ea95dd86ce9d4b26a6af /guides/source/active_storage_overview.md | |
parent | 01a28f3e6bf9f1550aca9b86b8805051c97a14d6 (diff) | |
parent | 656ef8fd548dfa673a26a12d8d0376c254a426a1 (diff) | |
Merge pull request #36564 from rodrei/docs-active-starage-warning
Update docs with warning on ActiveStorage Content-Disposition override
Diffstat (limited to 'guides/source/active_storage_overview.md')
-rw-r--r-- | guides/source/active_storage_overview.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/guides/source/active_storage_overview.md b/guides/source/active_storage_overview.md index 932a5dc2e9..46263e552a 100644 --- a/guides/source/active_storage_overview.md +++ b/guides/source/active_storage_overview.md @@ -398,6 +398,10 @@ helper allows you to set the disposition. rails_blob_path(user.avatar, disposition: "attachment") ``` +WARNING: To prevent XSS attacks, ActiveStorage forces the Content-Disposition header +to "attachment" for some kind of files. To change this behaviour see the +available configuration opions in [Configuring Rails Applications](configuring.html#configuring-active-storage). + If you need to create a link from outside of controller/view context (Background jobs, Cronjobs, etc.), you can access the rails_blob_path like this: |
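Review bot: The third added line of the WARNING misspells "options" as "opions", and the second added line says "for some kind of files" where "for some kinds of files" is meant. The warning would also be easier to act on if it said which file types get the forced "attachment" disposition, or named the setting that controls it, because the link only points at the general configuring-active-storage section and the reader has to guess which option is relevant. A comma after "To change this behaviour" would also help readability.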