
Confluence allows images to be uploaded with the wrong mime type, which causes them to not display in IE due to nosniff

      Symptoms

      Confluence does not do any sniffing on the upload of an image, so it's possible to rename the file extension on an image, and it will upload into Confluence without any warnings or errors. This image will then be stored in Confluence with a different mime type to the data contained in the file.

      This was never much of a problem for us, as the browser would sniff the type and display it properly even if we gave it the wrong mime type. Since 4.3.2, however, Confluence specifies the "nosniff" directive in the HTTP headers, which causes IE to not display these images because the mime type does not match.

      Steps to Reproduce

      1. Find any image file
      2. Rename the image to some other image extension besides what the data actually is
      3. Upload the file to Confluence
      4. Open the page in IE, observe the "X" displayed in place of the image

      Workaround

      Upload images with the correct mime type.
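
An upload-time check for the mismatch described above, as an added example (not Confluence code): it compares the type implied by the file extension with the type implied by the file's leading bytes. The extension map, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import os

# Type a server would record from the file name (assumed extension map).
EXT_TO_MIME = {".png": "image/png", ".jpg": "image/jpeg",
               ".jpeg": "image/jpeg", ".gif": "image/gif"}

# Leading-byte signatures of the same formats.
SIGNATURES = [(b"\x89PNG\r\n\x1a\n", "image/png"),
              (b"\xff\xd8\xff", "image/jpeg"),
              (b"GIF87a", "image/gif"),
              (b"GIF89a", "image/gif")]


def sniff_image_type(data):
    """Return the MIME type implied by the leading bytes, or None."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    return None


def check_image_upload(filename, data):
    """Return (verdict, declared, actual) for one uploaded file.

    verdict is "ok", "mismatch" (renamed image), "unknown" (image
    extension but unrecognised content) or "skip" (not an image name).
    """
    ext = os.path.splitext(filename)[1].lower()
    declared = EXT_TO_MIME.get(ext)
    actual = sniff_image_type(data)
    if declared is None:
        return ("skip", None, actual)
    if actual is None:
        return ("unknown", declared, None)
    if actual != declared:
        # With nosniff set, the browser trusts `declared` and will not
        # render data that is really `actual`.
        return ("mismatch", declared, actual)
    return ("ok", declared, actual)


# Constructed sample inputs: file headers only, not complete images.
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_HEAD = b"\xff\xd8\xff\xe0" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [("diagram.png", PNG_HEAD), ("diagram.jpg", PNG_HEAD),
                       ("photo.gif", JPEG_HEAD), ("notes.png", b"hello")]:
        print(name, check_image_upload(name, data))
```

A "mismatch" verdict can be used either to reject the upload with a warning or to store the sniffed type instead of the extension-derived one.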

            [CONFSERVER-26848] Confluence allows images to be uploaded with the wrong mime type, which causes them to not display in IE due to nosniff

            Marcel Munerotto added a comment - I can verify that the problem appears in 6.10.2 again.
            Owen made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]

            Tester- Amy added a comment - I just replicated this issue in 6.10.2. It's obviously broken again

              xtaixe Xavier Sanchez (Inactive)
              dmason David Mason (Inactive)