# HG changeset patch # User Kim Alvefur # Date 1611850429 -3600 # Node ID f80056b97cf06386820c1263f125faacaa35b6a4 # Parent 3e0dcdf6283e2811af3f26abf9918e3407e72458 mod_http_file_share: Serve configurable set of safe mime types inline (thanks jonas’) Otherwise people complain about browser 'Save as' dialog. diff -r 3e0dcdf6283e -r f80056b97cf0 plugins/mod_http_file_share.lua --- a/plugins/mod_http_file_share.lua Thu Jan 28 16:34:13 2021 +0100 +++ b/plugins/mod_http_file_share.lua Thu Jan 28 17:13:49 2021 +0100 @@ -33,6 +33,7 @@ local external_base_url = module:get_option_string(module.name .. "_base_url"); local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB local file_types = module:get_option_set(module.name .. "_allowed_file_types", {}); +local safe_types = module:get_option_set(module.name .. "_safe_file_types", {"image/*","video/*","audio/*","text/plain"}); local expiry = module:get_option_number(module.name .. "_expires_after", 7 * 86400); local access = module:get_option_set(module.name .. "_access", {}); @@ -278,10 +279,16 @@ if not handle then return ferr or 410; end + + local disposition = "attachment"; + if safe_types:contains(filetype) or safe_types:contains(filetype:gsub("/.*", "/*")) then + disposition = "inline"; + end + response.headers.last_modified = last_modified; response.headers.content_length = filesize; response.headers.content_type = filetype or "application/octet-stream"; - response.headers.content_disposition = string.format("attachment; filename=%q", basename); + response.headers.content_disposition = string.format("%s; filename=%q", disposition, basename); response.headers.cache_control = "max-age=31556952, immutable"; response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';"