comparison doc/admin_guide.txt @ 8039:e1cff9745fb4
refactor: make mime_type_allowlist class prop to configure from interfaces.py
The list of mime types that are served to the browser was located in a
list inside a function. The allow_html_file setting provided a limited
mechanism to add/remove the text/html mime type from the list.
Move the list from the function to the Client class level so that the
admin can add/remove from the list as required using interfaces.py.
Also remove application/pdf by default and provide docs in
admin_guide.txt on how to reenable viewing pdf's in the browser.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 17 Jun 2024 23:35:03 -0400 |
| parents | 098ceff38349 |
| children | 704757c71b84 |
| 8038:5a122373641a | 8039:e1cff9745fb4 |
|---|---|
| 321 files, the data will be compressed dynamically (on the fly) using | 321 files, the data will be compressed dynamically (on the fly) using |
| 322 brotli. If there is a precompressed gzip file present the client will | 322 brotli. If there is a precompressed gzip file present the client will |
| 323 get the gzip version and not a brotli compressed version. This | 323 get the gzip version and not a brotli compressed version. This |
| 324 mechanism allows the admin to allow use of brotli and zstd for | 324 mechanism allows the admin to allow use of brotli and zstd for |
| 325 dynamic content, but not for static content. | 325 dynamic content, but not for static content. |
| 326 | |
| 327 .. _browser_handling_attached_files: | |
| 328 | |
| 329 .. index:: single: interfaces.py; Controlling browser handling of attached files | |
| 330 | |
| 331 Controlling Browser Handling of Attached Files | |
| 332 ============================================== | |
| 333 | |
| 334 You may be aware of the ``allow_html_file`` `config.ini setting | |
| 335 <reference.html#config-ini-section-web>`_. When set to yes, it permits | |
| 336 html files to be attached and displayed in the browser as html | |
| 337 files. The underlying mechanism used to enable/disable attaching HTML | |
| 338 is exposed using ``interfaces.py``. | |
| 339 | |
| 340 Similar to ``Client.precompressed_mime_types`` above, there is a | |
| 341 ``Client.mime_type_allowlist``. If a mime type is present in this | |
| 342 list, an attachment with this mime type is served to the browser. If | |
| 343 the mime type is not present, the mime type is set to | |
| 344 ``application/octet-stream`` which causes the browser to download the | |
| 345 attachment to a file. | |
| 346 | |
| 347 In release 2.4.0, the mime type ``application/pdf`` was removed from | |
| 348 the precompressed_mime_types list. This prevents the browser from | |
| 349 executing scripts that may be included in the PDF file. If you trust | |
| 350 the individuals uploading PDF files to your tracker and wish to allow | |
| 351 viewing PDF files from your tracker, you can do so by editing your | |
| 352 tracker's "interfaces.py" file. Adding:: | |
| 353 | |
| 354 from roundup.cgi.client import Client | |
| 355 Client.mime_type_allowlist.append('application/pdf') | |
| 356 | |
| 357 will permit the PDF files to be viewed in the browser rather than | |
| 358 downloaded to a file. | |
| 359 | |
| 360 Similarly, you can remove a mime type (e.g. audio/oog) using:: | |
| 361 | |
| 362 from roundup.cgi.client import Client | |
| 363 Client.mime_type_allowlist.remove('audio/oog') | |
| 364 | |
| 365 which will force the browser to save the attachment to a file rather | |
| 366 than playing the audio file. | |
| 326 | 367 |
| 327 .. index:: single: interfaces.py; setting REST maximum result limit | 368 .. index:: single: interfaces.py; setting REST maximum result limit |
| 328 | 369 |
| 329 Configuring REST Maximum Result Limit | 370 Configuring REST Maximum Result Limit |
| 330 ===================================== | 371 ===================================== |
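Review bot: The sentence at new lines 347-348 names the wrong list: it says ``application/pdf`` "was removed from the precompressed_mime_types list", but this section and the ``append`` example at line 355 are about ``Client.mime_type_allowlist``, so the text should name that list instead. At new lines 360 and 363 the example type is spelled ``audio/oog``; if ``audio/ogg`` is intended, the spelling matters beyond the docs, because ``list.remove()`` raises ``ValueError`` when the value is not in the list, and an admin copying the snippet into interfaces.py would hit that error when the file is loaded. Consider correcting the spelling and adding a sentence noting that ``remove()`` fails for a type that is not present, with a suggestion to check membership first.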
