diff options
author | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2023-05-20 17:37:04 +0200 |
---|---|---|
committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2023-05-20 20:16:45 +0200 |
commit | 2637b4ef4dbb3f8d3e537f900bdd072b4078c87e (patch) | |
tree | 6b64225d157397befe5a7d0ab7925b8ad0e6ba94 /config | |
parent | 7c7baa618325cb3d2b1ef48bdc1f97aae25f62e9 (diff) |
Allow whitelisting mediaTypes used in resources.GetRemote
Fixes #10286
Diffstat (limited to 'config')
-rw-r--r-- | config/security/securityConfig.go | 3 | ||||
-rw-r--r-- | config/security/securityConfig_test.go | 2 |
2 files changed, 5 insertions, 0 deletions
diff --git a/config/security/securityConfig.go b/config/security/securityConfig.go index 66e89fb97..f7d2beac8 100644 --- a/config/security/securityConfig.go +++ b/config/security/securityConfig.go @@ -88,6 +88,9 @@ type HTTP struct { // HTTP methods to allow. Methods Whitelist `json:"methods"` + + // Media types where the Content-Type in the response is used instead of resolving from the file content. + MediaTypes Whitelist `json:"mediaTypes"` } // ToTOML converts c to TOML with [security] as the root. diff --git a/config/security/securityConfig_test.go b/config/security/securityConfig_test.go index 55409e318..edc1737e3 100644 --- a/config/security/securityConfig_test.go +++ b/config/security/securityConfig_test.go @@ -163,8 +163,10 @@ func TestDecodeConfigDefault(t *testing.T) { c.Assert(pc.HTTP.Methods.Accept("GET"), qt.IsTrue) c.Assert(pc.HTTP.Methods.Accept("get"), qt.IsTrue) c.Assert(pc.HTTP.Methods.Accept("DELETE"), qt.IsFalse) + c.Assert(pc.HTTP.MediaTypes.Accept("application/msword"), qt.IsFalse) c.Assert(pc.Exec.OsEnv.Accept("PATH"), qt.IsTrue) c.Assert(pc.Exec.OsEnv.Accept("GOROOT"), qt.IsTrue) c.Assert(pc.Exec.OsEnv.Accept("MYSECRET"), qt.IsFalse) + } |