diff options
| -rw-r--r-- | app/controllers/projects/raw_controller.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb index 0d35f373e9c..0c23d411f4c 100644 --- a/app/controllers/projects/raw_controller.rb +++ b/app/controllers/projects/raw_controller.rb @@ -11,9 +11,17 @@ class Projects::RawController < Projects::ApplicationController @blob = Gitlab::Git::Blob.new(@repository, @commit.id, @ref, @path) if @blob.exists? + type = if @blob.mime_type =~ /html|javascript/ + 'text/plain; charset=utf-8' + else + @blob.mime_type + end + + headers['X-Content-Type-Options'] = 'nosniff' + send_data( @blob.data, - type: @blob.mime_type, + type: type, disposition: 'inline', filename: @blob.name ) |