Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.3.2
-
None
Description
Symptoms
Confluence does not do any sniffing on the upload of an image, so it's possible to rename the file extension on an image, and it will upload into Confluence without any warnings or errors. This image will then be stored in Confluence with a different mime type to the data contained in the file.
This was never much of a problem for us, as the browser would sniff the type and display it properly even if we gave it the wrong mime type. Since 4.3.2 however, Confluence now specifies the "nosniff" directive in the HTTP headers, which causes IE to not display these images because the mime type does not match.
Steps to Reproduce
- Find any image file
- Rename the image to some other image extension besides what the data actually is
- Upload the file to Confluence
- Open the page in IE, observe the "X" displayed in place of the image
Workaround
Upload images with the correct mime type.
Attachments
Issue Links
- causes
-
-
- Closed
-
- is related to
-
CONFSERVER-29359 Improve attachment content type seting by sniffing content
- Closed
- relates to
-
-
- Closed
-
-
-
- Gathering Impact
-