From f7858ee2983d32b2bd4acd89f08567a8ae72541e Mon Sep 17 00:00:00 2001 From: ryosei-f Date: Tue, 23 Dec 2025 07:33:08 +0000 Subject: [PATCH 1/3] fix content disposition header logic --- .../service/file-uploader/utils/headers.ts | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/apps/app/src/server/service/file-uploader/utils/headers.ts b/apps/app/src/server/service/file-uploader/utils/headers.ts index 489f1ab31fb..5e25f770f79 100644 --- a/apps/app/src/server/service/file-uploader/utils/headers.ts +++ b/apps/app/src/server/service/file-uploader/utils/headers.ts @@ -3,9 +3,35 @@ import type { Response } from 'express'; import type { ExpressHttpHeader } from '~/server/interfaces/attachment'; import type { IAttachmentDocument } from '~/server/models/attachment'; +import { configManager } from '../../config-manager'; + type ContentHeaderField = 'Content-Type' | 'Content-Security-Policy' | 'Content-Disposition' | 'Content-Length'; type ContentHeader = ExpressHttpHeader; +/** + * Determine Content-Disposition based on MIME type configuration. + * Checks the configured inline/attachment MIME types and falls back to opts.inline if not configured. + */ +// 呼び出し元を大量に修正したくないが、headers.ts を pure utility に保ちたかったから関数を作って分けた +const determineDisposition = ( + fileFormat: string, + opts?: { inline?: boolean }, +): 'inline' | 'attachment' => { + const inlineMimeTypes = configManager.getConfig('attachments:contentDisposition:inlineMimeTypes').inlineMimeTypes; + const attachmentMimeTypes = configManager.getConfig('attachments:contentDisposition:attachmentMimeTypes').attachmentMimeTypes; + + const normalizedFileFormat = fileFormat.toLowerCase(); + + if (attachmentMimeTypes.some(mimeType => mimeType.toLowerCase() === normalizedFileFormat)) { + return 'attachment'; + } + if (inlineMimeTypes.some(mimeType => mimeType.toLowerCase() === normalizedFileFormat)) { + return 'inline'; + } + // Fallback to existing behavior when not configured + return opts?.inline ? 'inline' : 'attachment'; +}; + /** * Factory function to generate content headers. * This approach avoids creating a class instance for each call, improving memory efficiency. @@ -27,9 +53,10 @@ export const createContentHeaders = (attachment: IAttachmentDocument, opts?: { i }); // Content-Disposition + const disposition = determineDisposition(attachment.fileFormat, opts); headers.push({ field: 'Content-Disposition', - value: `${opts?.inline ? 'inline' : 'attachment'};filename*=UTF-8''${encodeURIComponent(attachment.originalName)}`, + value: `${disposition};filename*=UTF-8''${encodeURIComponent(attachment.originalName)}`, }); // Content-Length From 4c2c4e785c155e53db924edc225c0006e8005230 Mon Sep 17 00:00:00 2001 From: ryosei-f Date: Fri, 26 Dec 2025 05:19:44 +0000 Subject: [PATCH 2/3] delete comment --- apps/app/src/server/service/file-uploader/utils/headers.ts | 6 ------ 1 file changed, 6 deletions(-) diff --git a/apps/app/src/server/service/file-uploader/utils/headers.ts b/apps/app/src/server/service/file-uploader/utils/headers.ts index 5e25f770f79..f1acb3f443b 100644 --- a/apps/app/src/server/service/file-uploader/utils/headers.ts +++ b/apps/app/src/server/service/file-uploader/utils/headers.ts @@ -8,11 +8,6 @@ import { configManager } from '../../config-manager'; type ContentHeaderField = 'Content-Type' | 'Content-Security-Policy' | 'Content-Disposition' | 'Content-Length'; type ContentHeader = ExpressHttpHeader; -/** - * Determine Content-Disposition based on MIME type configuration. - * Checks the configured inline/attachment MIME types and falls back to opts.inline if not configured. - */ -// 呼び出し元を大量に修正したくないが、headers.ts を pure utility に保ちたかったから関数を作って分けた const determineDisposition = ( fileFormat: string, opts?: { inline?: boolean }, @@ -28,7 +23,6 @@ const determineDisposition = ( if (inlineMimeTypes.some(mimeType => mimeType.toLowerCase() === normalizedFileFormat)) { return 'inline'; } - // Fallback to existing behavior when not configured return opts?.inline ? 'inline' : 'attachment'; }; From f9c5fc8bd571b9b059e335eb1f3c27654c6cdf18 Mon Sep 17 00:00:00 2001 From: ryosei-f Date: Fri, 26 Dec 2025 06:52:22 +0000 Subject: [PATCH 3/3] fix logic --- apps/app/src/server/service/file-uploader/utils/headers.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/app/src/server/service/file-uploader/utils/headers.ts b/apps/app/src/server/service/file-uploader/utils/headers.ts index f1acb3f443b..d37ce9d306c 100644 --- a/apps/app/src/server/service/file-uploader/utils/headers.ts +++ b/apps/app/src/server/service/file-uploader/utils/headers.ts @@ -5,6 +5,8 @@ import type { IAttachmentDocument } from '~/server/models/attachment'; import { configManager } from '../../config-manager'; +import { defaultContentDispositionSettings } from './security'; + type ContentHeaderField = 'Content-Type' | 'Content-Security-Policy' | 'Content-Disposition' | 'Content-Length'; type ContentHeader = ExpressHttpHeader; @@ -23,6 +25,10 @@ const determineDisposition = ( if (inlineMimeTypes.some(mimeType => mimeType.toLowerCase() === normalizedFileFormat)) { return 'inline'; } + const defaultSetting = defaultContentDispositionSettings[normalizedFileFormat]; + if (defaultSetting) { + return defaultSetting; + } return opts?.inline ? 'inline' : 'attachment'; };