- def call(conn = %{request_path: <<"/", @path, "/", file::binary>>}, opts) do
- config = Pleroma.Config.get([Pleroma.Upload])
+ def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do
+ conn =
+ case fetch_query_params(conn) do
+ %{query_params: %{"name" => name}} = conn ->
+ name = String.replace(name, "\"", "\\\"")
+
+ conn
+ |> put_resp_header("content-disposition", "filename=\"#{name}\"")
+
+ conn ->
+ conn
+ end
+ |> merge_resp_headers([{"content-security-policy", "sandbox"}])
+
+ config = Pleroma.Config.get(Pleroma.Upload)