nat
2 בינואר, 2025, 5:04pm
16
Just a quick update -
The ext_mime_db above that we use follows IANA Media Types defined here - https://www.iana.org/assignments/media-types/media-types.xhtml . Unfortunately, this means that mp4 is correctly application/mp4
Though, looking into our S3 uploader implementation further, I do see that we are adding Content-Disposition header "attachment" for pretty much every upload that is not an image, but it feels like it was only intended to be added for svgs. Using "attachment" would result in the content to get downloaded rather than open in a new tab. For videos, it is a mixture of application/video and attachment that is causing this.
We can at least remove this header, I think.
main ← use-inline-no-download
merged 02:32AM - 07 Jan 25 UTC
Back then in https://github.com/discourse/discourse/commit/31e31ef44973dc4daaee2… f010d71588ea5873b53, we added the [Content-Disposition](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition) headers so that SVGs get downloaded instead of get run in the browser. Inadvertently, this also causes other attachments like pdfs and videos to be downloaded instead of heeding the "Open in new tab" option that users choose in the browser.
### Problem video with `Content-Disposition: attachment`:
https://github.com/user-attachments/assets/f05d388f-4454-4615-9d5a-7a0a66fe3b52
When the header is removed, the default value is `"inline"`, this allows the browser to perform as requested. This also applies to other file types like pdfs, allowing users to "Open in new tab" and view them in the browser instead of always downloading them.
Existing tests (https://github.com/discourse/discourse/pull/10205) already do check that SVGs remain downloaded. Some existing tests written for PDFs have been modified to cater for SVGs instead, when there was a bug in defining the filenames per https://github.com/discourse/discourse/pull/10108
2 לייקים
