Allow mime types to match based off of class
The old behavior prevented simple file types like `text/plain` from being uploaded since browsers upload them with the charset as well (e.g. `text/plain charset=utf-8`) without specifying all possible charsets. Additionally, this allows for blanket includes like `text/*` or `image/*` by class type.
This commit is contained in:
parent
a97fe76950
commit
3b9396c178
@ -34,9 +34,13 @@ func VerifyAllowedContentType(buf []byte, allowedTypes []string) error {
|
||||
for _, t := range allowedTypes {
|
||||
t := strings.Trim(t, " ")
|
||||
|
||||
if t == "*/*" || t == fileType ||
|
||||
if t == fileType ||
|
||||
// Allow wildcard */* to match all mime types
|
||||
t == "*/*" ||
|
||||
// Allow directives after type, like 'text/plain; charset=utf-8'
|
||||
strings.HasPrefix(fileType, t+";") {
|
||||
strings.HasPrefix(fileType, t+";") ||
|
||||
// Allow a class whitelist, like 'image/*'
|
||||
(strings.HasSuffix(t, "/*") && strings.HasPrefix(fileType, strings.TrimRight(t, "*"))) {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user