Feature #19131

Use a better content type for attachments created with application/octet-stream

Added by Felix Schäfer about 3 years ago. Updated about 3 years ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Email receiving
Target version:3.0.0
Resolution:Fixed

Description

Some email clients will always send attachments with a mime-type of application/octet-stream instead of correctly setting the attachment of the mime-type. We are aware of Outlook 15 showing this behaviour, but it might not be the only one.

This is a problem in the case where the front-end web server behind which Redmine runs sends the X-Content-Type-Options: nosniff header, which stops the browser from trying to guess the mime type of files the server sends it (this header is set on the Planio platform for security reasons).

This combination leads to thumbnails not being shown:

19131.patch Magnifier (18.6 KB) Felix Schäfer, 2015-02-18 20:58

Associated revisions

Revision 14034
Added by Jean-Philippe Lang about 3 years ago

Send a better content type than application/octet-stream (#19131).

History

#1 Updated by Felix Schäfer about 3 years ago

The attached patch tries to better guess the mime type of attachments incoming via email if the mime-type of the attachment is set to application/octet-stream.

If this is an acceptable solution, I would also add a migration to try to find a better mime type than application/octet-stream for existing attachments with that content type.

#2 Updated by Jean-Philippe Lang about 3 years ago

Any reason to do this in the mail handler and not in the Attachment model? If an image is uploaded via a browser or the API with an incorrect content type, thumbnails and inline images might be broken as well.

#3 Updated by Felix Schäfer about 3 years ago

We have only observed this for emails, but this can be moved to the model without problem too. I will adapt the patch in consequence.

#4 Updated by Jean-Philippe Lang about 3 years ago

Or maybe just store the provided content type and guess a better one when a serving a file, just like it's already done when an attachment have a blank content type. No need for a migration each time we change the guess rule.

#5 Updated by Jean-Philippe Lang about 3 years ago

Index: app/controllers/attachments_controller.rb
===================================================================
--- app/controllers/attachments_controller.rb    (revision 13994)
+++ app/controllers/attachments_controller.rb    (working copy)
@@ -183,7 +183,7 @@

   def detect_content_type(attachment)
     content_type = attachment.content_type
-    if content_type.blank?
+    if content_type.blank? || content_type == "application/octet-stream" 
       content_type = Redmine::MimeType.of(attachment.filename)
     end
     content_type.to_s

#6 Updated by Felix Schäfer about 3 years ago

This is in fact exactly what we have done for Planio until we had worked out a solution here. I had thought the create-time guessing better as this would have to be done only once for each attachment, but that works well too and avoids additional migrations.

#7 Updated by Toshi MARUYAMA about 3 years ago

OpenProject (GPL3) uses another approach of attachment detection.
https://github.com/opf/openproject/commit/fb096b0c86eec9bf49612ef6c8768000c3099841

#8 Updated by Jean-Philippe Lang about 3 years ago

Toshi MARUYAMA wrote:

OpenProject (GPL3) uses another approach of attachment detection.

Sounds a bit overkill to me.

#9 Updated by Jean-Philippe Lang about 3 years ago

  • Tracker changed from Defect to Feature
  • Subject changed from Don't trust MUAs to always set the correct mime-type for attachments to Use a better content type for attachments created with application/octet-stream
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 3.0.0
  • Resolution set to Fixed

Change committed in r14034.

#10 Updated by Jean-Philippe Lang about 3 years ago

  • Status changed from Resolved to Closed

#11 Updated by Felix Schäfer about 3 years ago

Thanks!

Also available in: Atom PDF