authorBjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>2023-05-20 17:37:04 +0200
committerBjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>2023-05-20 20:16:45 +0200
commit2637b4ef4dbb3f8d3e537f900bdd072b4078c87e (patch)
tree6b64225d157397befe5a7d0ab7925b8ad0e6ba94 /config
parent7c7baa618325cb3d2b1ef48bdc1f97aae25f62e9 (diff)
Allow whitelisting mediaTypes used in resources.GetRemote
Fixes #10286
Diffstat (limited to 'config')
-rw-r--r--config/security/securityConfig.go3
-rw-r--r--config/security/securityConfig_test.go2
2 files changed, 5 insertions, 0 deletions
diff --git a/config/security/securityConfig.go b/config/security/securityConfig.go
index 66e89fb97..f7d2beac8 100644
--- a/config/security/securityConfig.go
+++ b/config/security/securityConfig.go
@@ -88,6 +88,9 @@ type HTTP struct {
// HTTP methods to allow.
Methods Whitelist `json:"methods"`
+
+ // Media types where the Content-Type in the response is used instead of resolving from the file content.
+ MediaTypes Whitelist `json:"mediaTypes"`
}
// ToTOML converts c to TOML with [security] as the root.
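Review bot: The doc comment on `MediaTypes` does not spell out the trust decision the field makes: for a matching type the remote server's `Content-Type` header is believed in place of detection from the body, so this list decides which server-declared types are accepted as-is. I would say that directly, for example `// Media types for which the response Content-Type header is trusted instead of detecting the type from the content.` plus `// Keep this list as narrow as possible; a listed type is accepted on the remote server's word.` How entries are matched (exact string, case, pattern) is not visible in this hunk and is worth documenting as well, since a broad entry widens what a remote server can declare. The default value and the code in resources.GetRemote that consults the list are outside this diff, which is limited to config/.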
diff --git a/config/security/securityConfig_test.go b/config/security/securityConfig_test.go
index 55409e318..edc1737e3 100644
--- a/config/security/securityConfig_test.go
+++ b/config/security/securityConfig_test.go
@@ -163,8 +163,10 @@ func TestDecodeConfigDefault(t *testing.T) {
c.Assert(pc.HTTP.Methods.Accept("GET"), qt.IsTrue)
c.Assert(pc.HTTP.Methods.Accept("get"), qt.IsTrue)
c.Assert(pc.HTTP.Methods.Accept("DELETE"), qt.IsFalse)
+ c.Assert(pc.HTTP.MediaTypes.Accept("application/msword"), qt.IsFalse)
c.Assert(pc.Exec.OsEnv.Accept("PATH"), qt.IsTrue)
c.Assert(pc.Exec.OsEnv.Accept("GOROOT"), qt.IsTrue)
c.Assert(pc.Exec.OsEnv.Accept("MYSECRET"), qt.IsFalse)
+
}
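Review bot: The only coverage added for the new field is the default-deny assertion in TestDecodeConfigDefault; nothing here checks that a configured `mediaTypes` value is decoded under that key and then accepted, or that an unlisted type is still rejected once the list is non-empty. A case that decodes a config with `mediaTypes` set and asserts `pc.HTTP.MediaTypes.Accept("application/msword")` is true while a different type is false would pin the opt-in behaviour that sites will rely on. The blank line added before the closing brace looks unintended. The function begins outside this hunk.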