github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:34:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: add 'Content-Length' header for avatars

Browse Source
This commit is contained in:
Régis Hanol
2014-10-22 15:39:51 +02:00
parent 6c58cb982a
commit de415b804c
3 changed files with 10 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/static_controller.rb
View File

@ -77,13 +77,12 @@ class StaticController < ApplicationController
end
skip_before_filter :verify_authenticity_token, only: [:cdn_asset]
def cdn_asset
path = File.expand_path(Rails.root + "public/assets/" + params[:path])
# SECURITY what if path has /../
unless path.start_with?(Rails.root.to_s + "/public/assets")
raise Discourse::NotFound
end
raise Discourse::NotFound unless path.start_with?(Rails.root.to_s + "/public/assets")
expires_in 1.year, public: true
@ -96,10 +95,8 @@ class StaticController < ApplicationController
rescue Errno::ENOENT
raise Discourse::NotFound
end
opts = {
disposition: nil
}
opts = { disposition: nil }
opts[:type] = "application/javascript" if path =~ /\.js$/
# we must disable acceleration otherwise NGINX strips
@ -107,4 +104,5 @@ class StaticController < ApplicationController
request.env['sendfile.type'] = ''
send_file(path, opts)
end
end