~mort

https://mort.coffee

Trackers

~mort/coffeepaste

Last active 4 years ago

#2 Serve /<ID> with Content-Type text/plain; charset=utf-8 and X-Content-Type-Options nosniff 4 years ago

on ~mort/coffeepaste

REPORTED RESOLVED FIXED

#1 Fix .go mime type (currently unknown) 4 years ago

on ~mort/coffeepaste

REPORTED RESOLVED FIXED

#3 Do some basic file inspection to detect .jpg or .png 4 years ago

on ~mort/coffeepaste

REPORTED RESOLVED FIXED

#3 Do some basic file inspection to detect .jpg or .png 4 years ago

Ticket created by ~mort on ~mort/coffeepaste

When #2 is done, it's important that people don't end up with URLs without the appropriate extension. To solve the most common situations where someone would upload binary data without an extension, inspect the first few bytes to detect if the file is a PNG or a JPEG.

#2 Serve /<ID> with Content-Type text/plain; charset=utf-8 and X-Content-Type-Options nosniff 4 years ago

Ticket created by ~mort on ~mort/coffeepaste

Currently, the default for serving a GET request, if there is no extension provided or the extension is unknown, is to provide no Content-Type header.

I think it would be better to always serve text/plain when an extension is unknown or not provided, and instead work on measures to prevent people from accidentally ending up with URLs to binary data with no extension: #3

#1 Fix .go mime type (currently unknown) 4 years ago

Ticket created by ~mort on ~mort/coffeepaste