~mort

https://mort.coffee

Trackers

~mort/coffeepaste

Last active 11 months ago

#2 Serve /<ID> with Content-Type text/plain; charset=utf-8 and X-Content-Type-Options nosniff 11 months ago

on ~mort/coffeepaste

REPORTED RESOLVED FIXED

#1 Fix .go mime type (currently unknown) 11 months ago

on ~mort/coffeepaste

REPORTED RESOLVED FIXED

#3 Do some basic file inspection to detect .jpg or .png 11 months ago

on ~mort/coffeepaste

REPORTED RESOLVED FIXED

#3 Do some basic file inspection to detect .jpg or .png 1 year, 4 days ago

Ticket created by ~mort on ~mort/coffeepaste

When #2 is done, it's important that people don't end up with URLs without the appropriate extension. To solve the most common situations where someone would upload binary data without an extension, inspect the first few bytes to detect if the file is a PNG or a JPEG.

#2 Serve /<ID> with Content-Type text/plain; charset=utf-8 and X-Content-Type-Options nosniff 1 year, 4 days ago

Ticket created by ~mort on ~mort/coffeepaste

Currently, the default for serving a GET request, if there is no extension provided or the extension is unknown, is to provide no Content-Type header.

I think it would be better to always serve text/plain when an extension is unknown or not provided, and instead work on measures to prevent people from accidentally ending up with URLs to binary data with no extension: #3

#1 Fix .go mime type (currently unknown) 1 year, 4 days ago

Ticket created by ~mort on ~mort/coffeepaste