mod_http_file_share: Serve configurable set of safe mime types inline (thanks jonas’)
Otherwise people complain about browser 'Save as' dialog.
--- a/plugins/mod_http_file_share.lua Thu Jan 28 16:34:13 2021 +0100
+++ b/plugins/mod_http_file_share.lua Thu Jan 28 17:13:49 2021 +0100
@@ -33,6 +33,7 @@
local external_base_url = module:get_option_string(module.name .. "_base_url");
local file_size_limit = module:get_option_number(module.name .. "_size_limit", 10 * 1024 * 1024); -- 10 MB
local file_types = module:get_option_set(module.name .. "_allowed_file_types", {});
+local safe_types = module:get_option_set(module.name .. "_safe_file_types", {"image/*","video/*","audio/*","text/plain"});
local expiry = module:get_option_number(module.name .. "_expires_after", 7 * 86400);
local access = module:get_option_set(module.name .. "_access", {});
@@ -278,10 +279,16 @@
if not handle then
return ferr or 410;
end
+
+ local disposition = "attachment";
+ if safe_types:contains(filetype) or safe_types:contains(filetype:gsub("/.*", "/*")) then
+ disposition = "inline";
+ end
+
response.headers.last_modified = last_modified;
response.headers.content_length = filesize;
response.headers.content_type = filetype or "application/octet-stream";
- response.headers.content_disposition = string.format("attachment; filename=%q", basename);
+ response.headers.content_disposition = string.format("%s; filename=%q", disposition, basename);
response.headers.cache_control = "max-age=31556952, immutable";
response.headers.content_security_policy = "default-src 'none'; frame-ancestors 'none';"