Class: ActiveStorage::Download

Inherits:

Object

Object
ActiveStorage::Download

Defined in:: lib/active_storage/download.rb

Constant Summary collapse

CONTENT_TYPES_TO_RENDER_AS_BINARY = Sending .ai files as application/postscript to Safari opens them in a blank, grey screen. Downloading .ai as application/postscript files in Safari appends .ps to the extension. Sending HTML, SVG, XML and SWF files as binary closes XSS vulnerabilities. Sending JS files as binary avoids InvalidCrossOriginRequest without compromising security.

%w(
  text/html
  text/javascript
  image/svg+xml
  application/postscript
  application/x-shockwave-flash
  text/xml
  application/xml
  application/xhtml+xml
)

BINARY_CONTENT_TYPE =

'application/octet-stream'

Instance Method Summary collapse

#headers(force_attachment: false) ⇒ Object
#initialize(stored_file) ⇒ Download constructor

A new instance of Download.

Constructor Details

#initialize(stored_file) ⇒ `Download`

Returns a new instance of Download.



19
20
21

# File 'lib/active_storage/download.rb', line 19

def initialize(stored_file)
  @stored_file = stored_file
end

Instance Method Details

#headers(force_attachment: false) ⇒ `Object`

# File 'lib/active_storage/download.rb', line 23

def headers(force_attachment: false)
  {
    x_accel_redirect:    '/reproxy',
    x_reproxy_url:       reproxy_url,
    content_type:        content_type,
    content_disposition: content_disposition(force_attachment),
    x_frame_options:     'SAMEORIGIN'
  }
end