55fd0082aa
As an additional security hardening it's sensible to serve these files with a Content-Disposition of 'attachment'. Currently they are served 'inline' and get a "secure mimetype" assigned in case of potential dangerous files. To test this change ensure that: - [ ] Syncing with the Desktop client still works - [ ] Syncing with the Android client still works - [ ] Syncing with the iOS client still works I verified that the 1.8 OS X and iOS client still work with this change. |
||
|---|---|---|
| .. | ||
| l10n | ||
| private | ||
| public | ||
| repair | ||
| autoloader.php | ||
| base.php | ||