Signed-off-by: Anirudh Oppiliappan anirudh@tangled.sh
+11
-3
knotserver/routes.go
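--- a/knotserver/routes.go
+++ b/knotserver/routes.go
@@ -286,9 +286,17 @@
 mimeType = "image/svg+xml"
 }
 
-if !strings.HasPrefix(mimeType, "image/") && !strings.HasPrefix(mimeType, "video/") {
-l.Error("attempted to serve non-image/video file", "mimetype", mimeType)
-writeError(w, "only image and video files can be accessed directly", http.StatusForbidden)
+// allow image, video, and text/plain files to be served directly
+switch {
+case strings.HasPrefix(mimeType, "image/"):
+// allowed
+case strings.HasPrefix(mimeType, "video/"):
+// allowed
+case strings.HasPrefix(mimeType, "text/plain"):
+// allowed
+default:
+l.Error("attempted to serve disallowed file type", "mimetype", mimeType)
+writeError(w, "only image, video, and text files can be accessed directly", http.StatusForbidden)
 return
 }
 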
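Review bot: The new `text/plain` case lets repository-controlled text be returned directly, and nothing visible in this hunk sets `X-Content-Type-Options: nosniff` on the response, so a browser could sniff the body as HTML and render it in the serving origin. The handler starts and ends outside the hunk, so the header may already be set elsewhere; if it is not, add `w.Header().Set("X-Content-Type-Options", "nosniff")` before the body is written. The prefix match on `"text/plain"` presumably exists to accept parameters such as `; charset=utf-8`, which is worth a comment like `// prefix match: detected type may carry a charset parameter`. As a style point, the three empty `// allowed` cases can be folded into one `case` with a comma-separated list of the `strings.HasPrefix` conditions.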