diff roundup/cgi/client.py @ 8039:e1cff9745fb4

refactor: make mime_type_allowlist class prop to configure from interfaces.py The list of mime types that are served to the browser was located in a list inside a function. The allow_html_file setting provided a limited mechanism to add/remove the text/html mime type from the list. Move the list from the function to the Client class level so that the admin can add/remove from the list as required using interfaces.py. Also remove application/pdf by default and provide docs in admin_guide.txt on how to re-enable viewing PDFs in the browser.
author John Rouillard <rouilj@ieee.org>
date Mon, 17 Jun 2024 23:35:03 -0400
parents 98429efb80cb
children 28aa76443f58
--- a/roundup/cgi/client.py	Mon Jun 17 23:18:37 2024 -0400
+++ b/roundup/cgi/client.py	Mon Jun 17 23:35:03 2024 -0400
@@ -373,6 +373,32 @@
     except ImportError:
         pass
 
+    # everything not here is served as 'application/octet-stream'
+    # Moved to class so it can be modified from interfaces.py
+    # Adding:
+    #  from roundup.cgi.client import Client
+    #  Client.mime_type_allowlist.append('application/pdf')
+    # will permit pdf files to be displayed in the browser rather than
+    # downloaded to a file.
+
+    mime_type_allowlist = [
+        'text/plain',
+        'text/x-csrc',    # .c
+        'text/x-chdr',    # .h
+        'text/x-patch',   # .patch and .diff
+        'text/x-python',  # .py
+        'text/xml',
+        'text/csv',
+        'text/css',
+        'image/gif',
+        'image/jpeg',
+        'image/png',
+        'image/svg+xml',
+        'image/webp',
+        'audio/ogg',
+        'video/webm',
+    ]
+
     # mime types of files that are already compressed and should not be
     # compressed on the fly. Can be extended/reduced using interfaces.py.
     # This excludes types from being compressed. Should we have a list
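Review bot: The comment above `mime_type_allowlist` explains how to add a type but not what the list protects against: every listed type is sent with its own Content-Type and rendered by the browser, while anything else is forced to 'application/octet-stream'. Since the example invites admins to append entries, I would add a line such as `# Types listed here are rendered in the browser from the tracker's own site; only add types that cannot carry script.` and say that text/html is controlled by the allow_html_file setting rather than by editing the list. Because this is a mutable list on the class, the comment should also state that a change made from interfaces.py applies to every Client in the process. The class body starts and ends outside this hunk.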
@@ -1859,28 +1885,8 @@
         # --- mime-type security
         # mime type detection is performed in cgi.form_parser
 
-        # everything not here is served as 'application/octet-stream'
-        mime_type_allowlist = [
-            'text/plain',
-            'text/x-csrc',    # .c
-            'text/x-chdr',    # .h
-            'text/x-patch',   # .patch and .diff
-            'text/x-python',  # .py
-            'text/xml',
-            'text/csv',
-            'text/css',
-            'application/pdf',
-            'image/gif',
-            'image/jpeg',
-            'image/png',
-            'image/svg+xml',
-            'image/webp',
-            'audio/ogg',
-            'video/webm',
-        ]
-
         if self.instance.config['WEB_ALLOW_HTML_FILE']:
-            mime_type_allowlist.append('text/html')
+            self.mime_type_allowlist.append('text/html')
 
         try:
             mime_type = klass.get(nodeid, 'type')
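Review bot: `self.mime_type_allowlist.append('text/html')` now mutates the list shared by every Client instance, where the old code appended to a fresh local list on each call. Once one request runs with WEB_ALLOW_HTML_FILE enabled, 'text/html' stays in the class-level list for the life of the process, and the list gains a duplicate entry on every such request. Later requests would then get uploaded HTML served inline instead of as 'application/octet-stream' even where the setting is off, which (if several trackers are served from one process) could include a tracker that never enabled it. Build a per-request copy instead: `allowed = list(self.mime_type_allowlist)`, append 'text/html' to `allowed` under the config check, and change the test in the following hunk (@@ -1890) to `if mime_type not in allowed:`. The enclosing method starts and ends outside this hunk.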
@@ -1890,7 +1896,7 @@
         if not mime_type:
             mime_type = 'text/plain'
 
-        if mime_type not in mime_type_allowlist:
+        if mime_type not in self.mime_type_allowlist:
             mime_type = 'application/octet-stream'
 
         # --/ mime-type security
