Changeset View
Changeset View
Standalone View
Standalone View
src/applications/files/controller/PhabricatorFileDataController.php
| Show First 20 Lines • Show All 67 Lines • ▼ Show 20 Lines | public function handleRequest(AphrontRequest $request) { | ||||
| // and glitches when trying to loop them. In particular, Safari sends | // and glitches when trying to loop them. In particular, Safari sends | ||||
| // an initial request for bytes 0-1 of the audio file, and things go south | // an initial request for bytes 0-1 of the audio file, and things go south | ||||
| // if we can't respond with a 206 Partial Content. | // if we can't respond with a 206 Partial Content. | ||||
| $range = $request->getHTTPHeader('range'); | $range = $request->getHTTPHeader('range'); | ||||
| if (strlen($range)) { | if (strlen($range)) { | ||||
| list($begin, $end) = $response->parseHTTPRange($range); | list($begin, $end) = $response->parseHTTPRange($range); | ||||
| } | } | ||||
| $is_viewable = $file->isViewableInBrowser(); | if (!$file->isViewableInBrowser()) { | ||||
| $is_download = true; | |||||
| } | |||||
| $request_type = $request->getHTTPHeader('X-Phabricator-Request-Type'); | $request_type = $request->getHTTPHeader('X-Phabricator-Request-Type'); | ||||
| $is_lfs = ($request_type == 'git-lfs'); | $is_lfs = ($request_type == 'git-lfs'); | ||||
| if ($is_viewable && !$is_download) { | if (!$is_download) { | ||||
| $response->setMimeType($file->getViewableMimeType()); | $response->setMimeType($file->getViewableMimeType()); | ||||
| } else { | } else { | ||||
| $is_post = $request->isHTTPPost(); | $is_post = $request->isHTTPPost(); | ||||
| // NOTE: Require POST to download files from the primary domain. If the | // NOTE: Require POST to download files from the primary domain. If the | ||||
| // request is not a POST request but arrives on the primary domain, we | // request is not a POST request but arrives on the primary domain, we | ||||
| // render a confirmation dialog. For discussion, see T13094. | // render a confirmation dialog. For discussion, see T13094. | ||||
| Show All 15 Lines | if (!$is_download) { | ||||
| $response->setDownload($file->getName()); | $response->setDownload($file->getName()); | ||||
| } | } | ||||
| $iterator = $file->getFileDataIterator($begin, $end); | $iterator = $file->getFileDataIterator($begin, $end); | ||||
| $response->setContentLength($file->getByteSize()); | $response->setContentLength($file->getByteSize()); | ||||
| $response->setContentIterator($iterator); | $response->setContentIterator($iterator); | ||||
| // In Chrome, we must permit this domain in "object-src" CSP when serving a | |||||
| // PDF or the browser will refuse to render it. | |||||
| if (!$is_download && $file->isPDF()) { | |||||
| $request_uri = id(clone $request->getAbsoluteRequestURI()) | |||||
| ->setPath(null) | |||||
| ->setFragment(null) | |||||
| ->setQueryParams(array()); | |||||
| $response->addContentSecurityPolicyURI( | |||||
| 'object-src', | |||||
| (string)$request_uri); | |||||
| } | |||||
| return $response; | return $response; | ||||
| } | } | ||||
| private function loadFile() { | private function loadFile() { | ||||
| // Access to files is provided by knowledge of a per-file secret key in | // Access to files is provided by knowledge of a per-file secret key in | ||||
| // the URI. Knowledge of this secret is sufficient to retrieve the file. | // the URI. Knowledge of this secret is sufficient to retrieve the file. | ||||
| // For some requests, we also have a valid viewer. However, for many | // For some requests, we also have a valid viewer. However, for many | ||||
| ▲ Show 20 Lines • Show All 75 Lines • Show Last 20 Lines | |||||