From 551157960e70363d35a9b24d79780c9b98c9ef3b Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 1 Sep 2015 23:28:48 -0700
Subject: Remove the filename argument from Content-Disposition header to avoid
 RFC 5987 and RFC 6266 encoding issues. This change allows the browser to
 determine the filename based on the URL.

See: http://greenbytes.de/tech/tc2231/

Closes https://github.com/gitlabhq/gitlabhq/issues/9595

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/1829
---
 CHANGELOG                                        |  1 +
 app/controllers/projects/raw_controller.rb       |  3 +--
 spec/controllers/projects/raw_controller_spec.rb | 23 +++++++++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 spec/controllers/projects/raw_controller_spec.rb

diff --git a/CHANGELOG b/CHANGELOG
index f2ac3b979a2..a5b4c3cf5c8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.0.0 (unreleased)
+  - Omit filename in Content-Disposition header in raw file download to avoid RFC 6266 encoding issues (Stan HU)
   - Prevent anchors from being hidden by header (Stan Hu)
   - Fix bug where only the first 15 Bitbucket issues would be imported (Stan Hu)
   - Sort issues by creation date in Bitbucket importer (Stan Hu)
diff --git a/app/controllers/projects/raw_controller.rb b/app/controllers/projects/raw_controller.rb
index 647c1454078..1a3df40dc75 100644
--- a/app/controllers/projects/raw_controller.rb
+++ b/app/controllers/projects/raw_controller.rb
@@ -17,8 +17,7 @@ class Projects::RawController < Projects::ApplicationController
       send_data(
         @blob.data,
         type: type,
-        disposition: 'inline',
-        filename: @blob.name
+        disposition: 'inline'
       )
     else
       not_found!
diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
new file mode 100644
index 00000000000..1f921d5f05d
--- /dev/null
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -0,0 +1,23 @@
+require 'spec_helper'
+
+describe Projects::RawController do
+  let(:public_project) { create(:project, :public) }
+
+  describe "#show" do
+    context 'regular filename' do
+      let(:id) { 'master/README.md' }
+
+      it 'delivers ASCII file' do
+        get(:show,
+            namespace_id: public_project.namespace.to_param,
+            project_id: public_project.to_param,
+            id: id)
+
+        expect(response.status).to eq(200)
+        expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
+        expect(response.header['Content-Disposition']).
+            to eq("inline")
+      end
+    end
+  end
+end
-- 
cgit v1.2.1