55fd0082aa
As an additional security hardening it's sensible to serve these files with a Content-Disposition of 'attachment'. Currently they are served 'inline' and get a "secure mimetype" assigned in case of potential dangerous files. To test this change ensure that: - [ ] Syncing with the Desktop client still works - [ ] Syncing with the Android client still works - [ ] Syncing with the iOS client still works I verified that the 1.8 OS X and iOS client still work with this change. |
||
---|---|---|
.. | ||
sabre |