prosody
f80056b97cf0
plugins/mod_http_file_share.lua
Software / code / prosody
Comparison
plugins/mod_http_file_share.lua @ 11333:f80056b97cf0
mod_http_file_share: Serve configurable set of safe mime types inline (thanks jonas’)
Otherwise people complain about browser 'Save as' dialog.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 28 Jan 2021 17:13:49 +0100 |
| parent | 11332:3e0dcdf6283e |
| child | 11334:dbba2d44fda2 |
comparison
equal
deleted
inserted
replaced
| 11332:3e0dcdf6283e | 11333:f80056b97cf0 |
|---|---|
| 31 | 31 |
| 32 local secret = module:get_option_string(module.name.."_secret", require"util.id".long()); | 32 local secret = module:get_option_string(module.name.."_secret", require"util.id".long()); |
| 33 local external_base_url = module:get_option_string(module.name .. "_base_url"); | 33 local external_base_url = module:get_option_string(module.name .. "_base_url"); |
| 34 local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB | 34 local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB |
| 35 local file_types = module:get_option_set(module.name .. "_allowed_file_types", {}); | 35 local file_types = module:get_option_set(module.name .. "_allowed_file_types", {}); |
| 36 local safe_types = module:get_option_set(module.name .. "_safe_file_types", {"image/*","video/*","audio/*","text/plain"}); | |
| 36 local expiry = module:get_option_number(module.name .. "_expires_after", 7 * 86400); | 37 local expiry = module:get_option_number(module.name .. "_expires_after", 7 * 86400); |
| 37 | 38 |
| 38 local access = module:get_option_set(module.name .. "_access", {}); | 39 local access = module:get_option_set(module.name .. "_access", {}); |
| 39 | 40 |
| 40 if not external_base_url then | 41 if not external_base_url then |
| 276 local filename = get_filename(slot_id); | 277 local filename = get_filename(slot_id); |
| 277 local handle, ferr = errors.coerce(io.open(filename)); | 278 local handle, ferr = errors.coerce(io.open(filename)); |
| 278 if not handle then | 279 if not handle then |
| 279 return ferr or 410; | 280 return ferr or 410; |
| 280 end | 281 end |
| 282 | |
| 283 local disposition = "attachment"; | |
| 284 if safe_types:contains(filetype) or safe_types:contains(filetype:gsub("/.*", "/*")) then | |
| 285 disposition = "inline"; | |
| 286 end | |
| 287 | |
| 281 response.headers.last_modified = last_modified; | 288 response.headers.last_modified = last_modified; |
| 282 response.headers.content_length = filesize; | 289 response.headers.content_length = filesize; |
| 283 response.headers.content_type = filetype or "application/octet-stream"; | 290 response.headers.content_type = filetype or "application/octet-stream"; |
| 284 response.headers.content_disposition = string.format("attachment; filename=%q", basename); | 291 response.headers.content_disposition = string.format("%s; filename=%q", disposition, basename); |
| 285 | 292 |
| 286 response.headers.cache_control = "max-age=31556952, immutable"; | 293 response.headers.cache_control = "max-age=31556952, immutable"; |
| 287 response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" | 294 response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';" |
| 288 response.headers.strict_transport_security = "max-age=31556952"; | 295 response.headers.strict_transport_security = "max-age=31556952"; |
| 289 response.headers.x_content_type_options = "nosniff"; | 296 response.headers.x_content_type_options = "nosniff"; |
