src/applications/files/controller/PhabricatorFileDataController.php
Show First 20 Lines • Show All 67 Lines • ▼ Show 20 Lines | public function handleRequest(AphrontRequest $request) { | ||||
// and glitches when trying to loop them. In particular, Safari sends | // and glitches when trying to loop them. In particular, Safari sends | ||||
// an initial request for bytes 0-1 of the audio file, and things go south | // an initial request for bytes 0-1 of the audio file, and things go south | ||||
// if we can't respond with a 206 Partial Content. | // if we can't respond with a 206 Partial Content. | ||||
$range = $request->getHTTPHeader('range'); | $range = $request->getHTTPHeader('range'); | ||||
if (strlen($range)) { | if (strlen($range)) { | ||||
list($begin, $end) = $response->parseHTTPRange($range); | list($begin, $end) = $response->parseHTTPRange($range); | ||||
} | } | ||||
$is_viewable = $file->isViewableInBrowser(); | if (!$file->isViewableInBrowser()) { | ||||
$is_download = true; | |||||
} | |||||
$request_type = $request->getHTTPHeader('X-Phabricator-Request-Type'); | $request_type = $request->getHTTPHeader('X-Phabricator-Request-Type'); | ||||
$is_lfs = ($request_type == 'git-lfs'); | $is_lfs = ($request_type == 'git-lfs'); | ||||
if ($is_viewable && !$is_download) { | if (!$is_download) { | ||||
$response->setMimeType($file->getViewableMimeType()); | $response->setMimeType($file->getViewableMimeType()); | ||||
} else { | } else { | ||||
$is_post = $request->isHTTPPost(); | $is_post = $request->isHTTPPost(); | ||||
// NOTE: Require POST to download files from the primary domain. If the | // NOTE: Require POST to download files from the primary domain. If the | ||||
// request is not a POST request but arrives on the primary domain, we | // request is not a POST request but arrives on the primary domain, we | ||||
// render a confirmation dialog. For discussion, see T13094. | // render a confirmation dialog. For discussion, see T13094. | ||||
Show All 15 Lines | if (!$is_download) { | ||||
$response->setDownload($file->getName()); | $response->setDownload($file->getName()); | ||||
} | } | ||||
$iterator = $file->getFileDataIterator($begin, $end); | $iterator = $file->getFileDataIterator($begin, $end); | ||||
$response->setContentLength($file->getByteSize()); | $response->setContentLength($file->getByteSize()); | ||||
$response->setContentIterator($iterator); | $response->setContentIterator($iterator); | ||||
// In Chrome, we must permit this domain in "object-src" CSP when serving a | |||||
// PDF or the browser will refuse to render it. | |||||
if (!$is_download && $file->isPDF()) { | |||||
$request_uri = id(clone $request->getAbsoluteRequestURI()) | |||||
->setPath(null) | |||||
->setFragment(null) | |||||
->setQueryParams(array()); | |||||
$response->addContentSecurityPolicyURI( | |||||
'object-src', | |||||
(string)$request_uri); | |||||
} | |||||
return $response; | return $response; | ||||
} | } | ||||
private function loadFile() { | private function loadFile() { | ||||
// Access to files is provided by knowledge of a per-file secret key in | // Access to files is provided by knowledge of a per-file secret key in | ||||
// the URI. Knowledge of this secret is sufficient to retrieve the file. | // the URI. Knowledge of this secret is sufficient to retrieve the file. | ||||
// For some requests, we also have a valid viewer. However, for many | // For some requests, we also have a valid viewer. However, for many | ||||
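Review bot: The `object-src` entry in the `$file->isPDF()` block is built from `$request->getAbsoluteRequestURI()`, so the origin written into the CSP header follows the host the request arrived on rather than a configured value (this reads the one-sided rows as the additions; the page does not mark sides). Whether that host is validated before `handleRequest()` reaches this point is not visible here, since the method's opening lines are collapsed; if it is not, the policy would list a client-supplied origin. Prefer building the source from the install's configured file-serving origin, or state the dependency at the call with a comment such as `// Request host is validated upstream; safe to echo into object-src.` The relaxation is also only as narrow as `isPDF()`, whose implementation is not shown, so it is worth confirming that it keys on a server-determined type rather than an uploader-supplied one.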