Compare commits

..

No commits in common. "a221d4e6182464fa293797670ac7f81918d218c7" and "b28d83a481e40bfcc151971d0081a6d1192ccae0" have entirely different histories.

3 changed files with 19 additions and 19 deletions

30
Cargo.lock generated
View File

@ -265,9 +265,9 @@ dependencies = [
[[package]]
name = "aho-corasick"
version = "1.0.1"
version = "0.7.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04"
checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac"
dependencies = [
"memchr",
]
@ -322,9 +322,9 @@ dependencies = [
[[package]]
name = "bumpalo"
version = "3.12.1"
version = "3.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b1ce199063694f33ffb7dd4e0ee620741495c32833cde5aa08f02a0bf96f0c8"
checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
[[package]]
name = "bytecount"
@ -376,9 +376,9 @@ checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e"
[[package]]
name = "cpufeatures"
version = "0.2.7"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3e4c1eaa2012c47becbbad2ab175484c2a84d1185b566fb2cc5b8707343dfe58"
checksum = "280a9f2d8b3a38871a3c8a46fb80db65e5e5ed97da80c4d08bf27fb63e35e181"
dependencies = [
"libc",
]
@ -436,7 +436,7 @@ dependencies = [
[[package]]
name = "datatrash"
version = "2.3.3"
version = "2.3.2"
dependencies = [
"actix-files",
"actix-governor",
@ -718,9 +718,9 @@ dependencies = [
[[package]]
name = "h2"
version = "0.3.18"
version = "0.3.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "17f8a914c2987b688368b5138aa05321db91f4090cf26118185672ad588bce21"
checksum = "66b91535aa35fea1523ad1b86cb6b53c28e0ae566ba4a460f4457e936cad7c6f"
dependencies = [
"bytes",
"fnv",
@ -912,9 +912,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "libc"
version = "0.2.142"
version = "0.2.141"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317"
checksum = "3304a64d199bb964be99741b7a14d26972741915b3649639149b2479bb46f4b5"
[[package]]
name = "local-channel"
@ -1256,9 +1256,9 @@ dependencies = [
[[package]]
name = "regex"
version = "1.8.1"
version = "1.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af83e617f331cc6ae2da5443c602dfa5af81e517212d9d611a5b3ba1777b5370"
checksum = "8b1f693b24f6ac912f4893ef08244d70b6067480d2f1a46e950c9691e6749d1d"
dependencies = [
"aho-corasick",
"memchr",
@ -1267,9 +1267,9 @@ dependencies = [
[[package]]
name = "regex-syntax"
version = "0.7.1"
version = "0.6.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c"
checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
[[package]]
name = "ring"

View File

@ -1,6 +1,6 @@
[package]
name = "datatrash"
version = "2.3.3"
version = "2.3.2"
authors = ["neri"]
edition = "2021"

View File

@ -156,7 +156,7 @@ fn build_file_response(
.set_content_disposition(content_disposition);
let mut response = file.into_response(req);
append_security_headers(&mut response, req);
append_security_headers(&mut response, req, download);
Ok(response)
}
@ -172,14 +172,14 @@ fn get_disposition_params(filename: &str) -> Vec<DispositionParam> {
parameters
}
fn append_security_headers(response: &mut HttpResponse, req: &HttpRequest) {
fn append_security_headers(response: &mut HttpResponse, req: &HttpRequest, download: bool) {
// if the browser is trying to fetch this resource in a secure context pretend the reponse is
// just binary data so it won't be executed
let sec_fetch_mode = req
.headers()
.get("sec-fetch-mode")
.and_then(|v| v.to_str().ok());
if sec_fetch_mode.is_some() && sec_fetch_mode != Some("navigate") {
if !download && sec_fetch_mode.is_some() && sec_fetch_mode != Some("navigate") {
response.headers_mut().insert(
CONTENT_TYPE,
HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())