authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-09-28 22:27:01 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-09-28 22:27:01 +0200
commit3e9952ea8026743c86d25152c8febbe55722a135 (patch)
treef928ba0428a0f284ffc4c2146f412249c9693b7e /cdn/src
parentMerge branch 'master' of https://github.com/fosscord/fosscord-server (diff)
parent:bug: fix channel permission overwrites (diff)
Merge branch 'master' of https://github.com/fosscord/fosscord-server
Diffstat (limited to 'cdn/src')
-rw-r--r--cdn/src/routes/attachments.ts17
-rw-r--r--cdn/src/routes/avatars.ts3
2 files changed, 17 insertions, 3 deletions
diff --git a/cdn/src/routes/attachments.ts b/cdn/src/routes/attachments.ts

index 7c55998b..49ceb1b6 100644
--- a/cdn/src/routes/attachments.ts
+++ b/cdn/src/routes/attachments.ts
@@ -8,6 +8,13 @@ import imageSize from "image-size"; const router = Router(); +const SANITIZED_CONTENT_TYPE = [ + "text/html", + "text/mhtml", + "multipart/related", + "application/xhtml+xml", +]; + router.post( "/:channel_id", multer.single("file"), @@ -24,7 +31,8 @@ router.post( const id = Snowflake.generate(); const path = `attachments/${channel_id}/${id}/${filename}`; - const endpoint = Config.get()?.cdn.endpoint || "http://localhost:3003"; + const endpoint = + Config.get()?.cdn.endpointPublic || "http://localhost:3003"; await storage.set(path, buffer); var width; @@ -61,8 +69,13 @@ router.get( ); if (!file) throw new HTTPError("File not found"); const type = await FileType.fromBuffer(file); + let content_type = type?.mime || "application/octet-stream"; + + if (SANITIZED_CONTENT_TYPE.includes(content_type)) { + content_type = "application/octet-stream"; + } - res.set("Content-Type", type?.mime); + res.set("Content-Type", content_type); res.set("Cache-Control", "public, max-age=31536000"); return res.send(file); diff --git a/cdn/src/routes/avatars.ts b/cdn/src/routes/avatars.ts
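Review bot: The `SANITIZED_CONTENT_TYPE` denylist added at the top of attachments.ts covers HTML-family types only, so other types a browser renders as active content are still served as detected; `image/svg+xml`, `application/xml` and `text/xml` are the usual omissions. A denylist for user uploads tends to lag behind what browsers treat as scriptable, so an allowlist of inline-safe types (images, audio, video) with everything else sent as `application/octet-stream` is easier to keep correct. Whether `FileType.fromBuffer` can report the listed text types at all is not visible here, and magic-byte detectors often cannot identify HTML, so confirm the list matches values the detector actually returns. A comment above the constant, e.g. `// types never served inline: they can run script in the CDN origin`, would record why it exists.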
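Review bot: The fallback on the new `endpoint` assignment in the upload handler means a deployment that has only `cdn.endpoint` configured now silently builds attachment URLs on `http://localhost:3003`, a plaintext loopback address that gets handed to clients. If `cdn.endpoint` is still a valid key (not visible in this diff), chaining it keeps existing installs working: `Config.get()?.cdn.endpointPublic || Config.get()?.cdn.endpoint || "http://localhost:3003"`. Otherwise log a warning or fail when `endpointPublic` is unset rather than defaulting quietly. The same change with the same fallback appears in the avatars.ts hunk; the handler body starts and ends outside this hunk.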
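Review bot: The download handler sends the response without `X-Content-Type-Options: nosniff`, so the `Content-Type` set on the new `res.set("Content-Type", content_type)` line stays advisory for clients that sniff; add `res.set("X-Content-Type-Options", "nosniff");` beside it. For the types rewritten to `application/octet-stream`, `res.set("Content-Disposition", "attachment");` would make the download intent explicit. Because the unchanged `Cache-Control: public, max-age=31536000` line lets shared caches keep a response for a year, objects already cached with their old type are not affected by this change and may need a purge. The handler starts outside the hunk.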
index 3d745f90..93045925 100644
--- a/cdn/src/routes/avatars.ts
+++ b/cdn/src/routes/avatars.ts
@@ -44,7 +44,8 @@ router.post( if (ANIMATED_MIME_TYPES.includes(type.mime)) hash = `a_${hash}`; // animated icons have a_ infront of the hash const path = `avatars/${user_id}/${hash}`; - const endpoint = Config.get().cdn.endpoint || "http://localhost:3003"; + const endpoint = + Config.get().cdn.endpointPublic || "http://localhost:3003"; await storage.set(path, buffer);
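Review bot: The new `endpoint` line in avatars.ts reads `Config.get().cdn` without the optional chaining that the equivalent line in attachments.ts uses (`Config.get()?.cdn`), so the two upload handlers behave differently when the config is not loaded: one falls back to the default, the other throws. Pick one form for both; if `Config.get()` can return undefined, `Config.get()?.cdn?.endpointPublic` also covers a missing `cdn` section. The handler starts and ends outside this hunk.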