Page MenuHomePhabricator

D15654.diff
No OneTemporary

D15654.diff

diff --git a/src/applications/diffusion/controller/DiffusionServeController.php b/src/applications/diffusion/controller/DiffusionServeController.php
--- a/src/applications/diffusion/controller/DiffusionServeController.php
+++ b/src/applications/diffusion/controller/DiffusionServeController.php
@@ -996,6 +996,7 @@
'href' => $get_uri,
'header' => array(
'Authorization' => $no_authorization,
+ 'X-Phabricator-Request-Type' => 'git-lfs',
),
);
} else {
diff --git a/src/applications/files/controller/PhabricatorFileDataController.php b/src/applications/files/controller/PhabricatorFileDataController.php
--- a/src/applications/files/controller/PhabricatorFileDataController.php
+++ b/src/applications/files/controller/PhabricatorFileDataController.php
@@ -82,10 +82,13 @@
$is_viewable = $file->isViewableInBrowser();
$force_download = $request->getExists('download');
+ $request_type = $request->getHTTPHeader('X-Phabricator-Request-Type');
+ $is_lfs = ($request_type == 'git-lfs');
+
if ($is_viewable && !$force_download) {
$response->setMimeType($file->getViewableMimeType());
} else {
- if (!$request->isHTTPPost() && !$is_alternate_domain) {
+ if (!$request->isHTTPPost() && !$is_alternate_domain && !$is_lfs) {
// NOTE: Require POST to download files from the primary domain. We'd
// rather go full-bore and do a real CSRF check, but can't currently
// authenticate users on the file domain. This should blunt any

File Metadata

Mime Type
text/plain
Expires
Wed, Dec 25, 2:40 PM (10 h, 54 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6926756
Default Alt Text
D15654.diff (1 KB)

Event Timeline