X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;ds=inline;f=lib%2Fpleroma%2Fplugs%2Fuploaded_media.ex;h=94147e0c42250c647984a3955dd98100208bc04f;hb=d15aa9d9503e59b3cd0731394855781f435ec63c;hp=f998293e8fd395ba070eec9b3204caa863078cb9;hpb=2791ce9a1ff2365ac7256f5e1dc2324dee2f82c9;p=akkoma

diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index f998293e8..94147e0c4 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Plugs.UploadedMedia do
@@ -7,15 +7,21 @@ defmodule Pleroma.Plugs.UploadedMedia do
   """
 
   import Plug.Conn
+  import Pleroma.Web.Gettext
   require Logger
 
   @behaviour Plug
   # no slashes
   @path "media"
 
+  @default_cache_control_header "public, max-age=1209600"
+
   def init(_opts) do
     static_plug_opts =
-      []
+      [
+        headers: %{"cache-control" => @default_cache_control_header},
+        cache_control_for_etags: @default_cache_control_header
+      ]
       |> Keyword.put(:from, "__unconfigured_media_plug")
       |> Keyword.put(:at, "/__unconfigured_media_plug")
       |> Plug.Static.init()
@@ -23,8 +29,21 @@ defmodule Pleroma.Plugs.UploadedMedia do
     %{static_plug_opts: static_plug_opts}
   end
 
-  def call(conn = %{request_path: <<"/", @path, "/", file::binary>>}, opts) do
-    config = Pleroma.Config.get([Pleroma.Upload])
+  def call(%{request_path: <<"/", @path, "/", file::binary>>} = conn, opts) do
+    conn =
+      case fetch_query_params(conn) do
+        %{query_params: %{"name" => name}} = conn ->
+          name = String.replace(name, "\"", "\\\"")
+
+          conn
+          |> put_resp_header("content-disposition", "filename=\"#{name}\"")
+
+        conn ->
+          conn
+      end
+      |> merge_resp_headers([{"content-security-policy", "sandbox"}])
+
+    config = Pleroma.Config.get(Pleroma.Upload)
 
     with uploader <- Keyword.fetch!(config, :uploader),
          proxy_remote = Keyword.get(config, :proxy_remote, false),
@@ -33,7 +52,7 @@ defmodule Pleroma.Plugs.UploadedMedia do
     else
       _ ->
         conn
-        |> send_resp(500, "Failed")
+        |> send_resp(:internal_server_error, dgettext("errors", "Failed"))
         |> halt()
     end
   end
@@ -52,7 +71,7 @@ defmodule Pleroma.Plugs.UploadedMedia do
       conn
     else
       conn
-      |> send_resp(404, "Not found")
+      |> send_resp(:not_found, dgettext("errors", "Not found"))
       |> halt()
     end
   end
@@ -72,7 +91,7 @@ defmodule Pleroma.Plugs.UploadedMedia do
     Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")
 
     conn
-    |> send_resp(500, "Internal Error")
+    |> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
     |> halt()
   end
 end