Diffstat (limited to 'modules/caddyhttp/fileserver/staticfiles.go')
-rw-r--r--modules/caddyhttp/fileserver/staticfiles.go14
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go
index 080e1a8..49c2be4 100644
--- a/modules/caddyhttp/fileserver/staticfiles.go
+++ b/modules/caddyhttp/fileserver/staticfiles.go
@@ -4,6 +4,7 @@ import (
"fmt"
"html/template"
weakrand "math/rand"
+ "mime"
"net/http"
"os"
"path"
@@ -185,14 +186,21 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) error
// TODO: Etag
- // do not allow Go to sniff the content-type
if w.Header().Get("Content-Type") == "" {
- w.Header()["Content-Type"] = nil
+ mtyp := mime.TypeByExtension(filepath.Ext(filename))
+ if mtyp == "" {
+ // do not allow Go to sniff the content-type; see
+ // https://www.youtube.com/watch?v=8t8JYpt0egE
+ // TODO: Consider writing a default mime type of application/octet-stream - this is secure but violates spec
+ w.Header()["Content-Type"] = nil
+ } else {
+ w.Header().Set("Content-Type", mtyp)
+ }
}
// let the standard library do what it does best; note, however,
// that errors generated by ServeContent are written immediately
- // to the response, so we cannot handle them (but errors here
+ // to the response, so we cannot handle them (but errors there
// are rare)
http.ServeContent(w, r, info.Name(), info.ModTime(), file)
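Review bot: In the `mtyp == ""` branch the response is sent with no Content-Type header at all, so the nil assignment only stops Go's own sniffing inside `http.ServeContent`; a browser receiving the file is still free to guess the type from its bytes. The comment should state that directly rather than rely on a video link, for example `// unknown type: send no Content-Type so Go does not sniff; clients may still sniff`. If client-side sniffing is also meant to be prevented, adding `w.Header().Set("X-Content-Type-Options", "nosniff")` in that branch is worth considering alongside the octet-stream TODO. `mime.TypeByExtension` also consults the host's MIME tables on some platforms, so the header chosen for a given extension can differ between deployments. ServeHTTP begins and ends outside this hunk, and `filename` is defined there.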