# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.UploadedMedia do
"""
import Plug.Conn
+ import Pleroma.Web.Gettext
require Logger
@behaviour Plug
# no slashes
@path "media"
+ @default_cache_control_header "public, max-age=1209600"
+
def init(_opts) do
static_plug_opts =
- []
+ [
+ headers: %{"cache-control" => @default_cache_control_header},
+ cache_control_for_etags: @default_cache_control_header
+ ]
|> Keyword.put(:from, "__unconfigured_media_plug")
|> Keyword.put(:at, "/__unconfigured_media_plug")
|> Plug.Static.init()
conn =
case fetch_query_params(conn) do
%{query_params: %{"name" => name}} = conn ->
+ name = String.replace(name, "\"", "\\\"")
+
conn
- |> put_resp_header("Content-Disposition", "filename=\"#{name}\"")
+ |> put_resp_header("content-disposition", "filename=\"#{name}\"")
conn ->
conn
end
+ |> merge_resp_headers([{"content-security-policy", "sandbox"}])
- config = Pleroma.Config.get([Pleroma.Upload])
+ config = Pleroma.Config.get(Pleroma.Upload)
with uploader <- Keyword.fetch!(config, :uploader),
proxy_remote = Keyword.get(config, :proxy_remote, false),
else
_ ->
conn
- |> send_resp(500, "Failed")
+ |> send_resp(:internal_server_error, dgettext("errors", "Failed"))
|> halt()
end
end
conn
else
conn
- |> send_resp(404, "Not found")
+ |> send_resp(:not_found, dgettext("errors", "Not found"))
|> halt()
end
end
Logger.error("#{__MODULE__}: Unknown get startegy: #{inspect(unknown)}")
conn
- |> send_resp(500, "Internal Error")
+ |> send_resp(:internal_server_error, dgettext("errors", "Internal Error"))
|> halt()
end
end