(filename: string, originalContentType: string)
| 168 | const FORCE_ATTACHMENT_EXTENSIONS = new Set(['html', 'htm', 'js', 'css', 'xml']) |
| 169 | |
| 170 | function getSecureFileHeaders(filename: string, originalContentType: string) { |
| 171 | const extension = filename.split('.').pop()?.toLowerCase() || '' |
| 172 | |
| 173 | if (FORCE_ATTACHMENT_EXTENSIONS.has(extension)) { |
| 174 | return { |
| 175 | contentType: 'application/octet-stream', |
| 176 | disposition: 'attachment', |
| 177 | } |
| 178 | } |
| 179 | |
| 180 | let safeContentType = originalContentType |
| 181 | |
| 182 | if (originalContentType === 'text/html') { |
| 183 | safeContentType = 'text/plain' |
| 184 | } |
| 185 | |
| 186 | const disposition = SAFE_INLINE_TYPES.has(safeContentType) ? 'inline' : 'attachment' |
| 187 | |
| 188 | return { |
| 189 | contentType: safeContentType, |
| 190 | disposition, |
| 191 | } |
| 192 | } |
| 193 | |
| 194 | export function encodeFilenameForHeader(storageKey: string): string { |
| 195 | const filename = storageKey.split('/').pop() || storageKey |
no outgoing calls
no test coverage detected