Uploader.fog_attributes overwrites config.fog_attributes #2193

Closed
jnimety opened this issue Jun 2, 2017 · 2 comments
jnimety commented Jun 2, 2017

I would expect the class method to merge with config.fog_attributes instead. This created a security issue in our application by replacing the global x-amz-server-side-encryption header.

2.4.0 :001 > Contract
*** Unknown command 'set history save off'. Try 'help'

[3, 12] in app/uploaders/contract_file_uploader.rb
    3: class ContractFileUploader < CarrierWave::Uploader::Base
    4:   include CarrierWave::Compatibility::Paperclip
    5:   include CarrierWave::MimeTypes
    6:
    7:   byebug
=>  8:   fog_attributes "Content-Disposition" => "attachment"
    9:
   10:   process :set_content_type
   11:
   12:   def paperclip_path
(byebug) fog_attributes
{"x-amz-server-side-encryption"=>"AES256"}
(byebug) n

[5, 14] in app/uploaders/contract_file_uploader.rb
    5:   include CarrierWave::MimeTypes
    6:
    7:   byebug
    8:   fog_attributes "Content-Disposition" => "attachment"
    9:
=> 10:   process :set_content_type
   11:
   12:   def paperclip_path
   13:     "contract_file_s3s/:id/:style/:basename.:extension"
   14:   end
(byebug) fog_attributes
{"Content-Disposition"=>"attachment"}
@molefrog

Came across this issue because I wasn't sure if uploader attributes overwrite config-wide attributes. Seems like they do :)

This looks more like a DX issue. For those who are looking for a workaround, this might help:

# in your uploader
def fog_attributes
  super.to_h.merge({ 'Content-Disposition' => 'attachment' })
end
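
An added example, not code from CarrierWave or from this thread: a plain-Ruby stand-in for the replace-instead-of-merge behaviour reported above, next to the `super.to_h.merge` workaround, with a check a test suite could run to catch an uploader that drops a required header. `BaseUploader`, `ReplacingUploader`, `MergingUploader`, `missing_required_attributes` and `audit` are hypothetical names, and the stand-in only models the behaviour described in the issue.

```ruby
# Policy: attributes every upload must carry (value taken from the issue report).
REQUIRED_ATTRIBUTES = { "x-amz-server-side-encryption" => "AES256" }.freeze

# Hypothetical stand-in for an uploader base class; NOT CarrierWave's implementation.
class BaseUploader
  # Plays the role of the global config.fog_attributes.
  GLOBAL = { "x-amz-server-side-encryption" => "AES256" }.freeze

  # Class-level setter/getter: a value set on a class replaces the inherited one.
  def self.fog_attributes(value = nil)
    @fog_attributes = value if value
    return @fog_attributes if instance_variable_defined?(:@fog_attributes)
    superclass.respond_to?(:fog_attributes) ? superclass.fog_attributes : GLOBAL
  end

  def fog_attributes
    self.class.fog_attributes
  end
end

# Models the report: the class-level call drops the global encryption header.
class ReplacingUploader < BaseUploader
  fog_attributes "Content-Disposition" => "attachment"
end

# The workaround from the thread: override the instance method and merge with super.
class MergingUploader < BaseUploader
  def fog_attributes
    super.to_h.merge("Content-Disposition" => "attachment")
  end
end

# Returns the required attribute names an uploader would not send as required.
def missing_required_attributes(uploader_class, required = REQUIRED_ATTRIBUTES)
  effective = uploader_class.new.fog_attributes.to_h
  required.reject { |key, value| effective[key] == value }.keys
end

# Maps each failing uploader class name to the attributes it is missing.
def audit(uploader_classes)
  uploader_classes.each_with_object({}) do |klass, report|
    missing = missing_required_attributes(klass)
    report[klass.name] = missing unless missing.empty?
  end
end
```

In a real application the same check would instantiate each uploader class and compare its effective `fog_attributes` against the required set.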

@alexsmartens

I'm trying to set a header for remote file requests on some files uploaded to s3 and my assumption was that remote_#{column}_request_header=(header) from carrierwave/mount.rb would automatically set it for me. But now I bumped into this issue and got confused.
Is remote_#{column}_request_header=(header) a way to set the file header or is it carrierwave/mount.rb the way to go?
