Use application/octet-stream as Content-Type for files in CI artifacts
This eliminates the need for Workhorse to set `Content-Type` by guessing based on file extension. If `Content-Disposition` is `attachment`, the browser will prompt the user for an action. In Chrome, the user is always prompted to save the file, and the `filename` extension in the `Content-Disposition` header determines the saved file's default extension. Chrome appears to ignore `Content-Type` if `Content-Disposition` is an attachment. In Firefox, the user is prompted with two options: save the file, or open it with a program. Again, the `filename` extension in the `Content-Disposition` header determines the saved file's default extension. In addition, this extension is used to guess which default program should open the file. If the extension isn't present, Firefox falls back to `Content-Type`. Safari combines both approaches. Like Chrome, it only prompts the user to save the file. Like Firefox, it falls back to the extension provided in `Content-Type` if the `Content-Disposition` filename is not present. Hence, Workhorse's setting of `Content-Type` based on extension provides no additional information and may even be a security risk if the `Content-Disposition` is subverted. Changelog: changed
Showing
Please register or sign in to comment