Merge pull request #37 from supabase/feat/disable-html

feat: disable rendering html files
supabase · Jun 25, 2021 · f6bcd2c · f6bcd2c
2 parents 13ace1d + 726333c
commit f6bcd2c
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 3 deletions.
diff --git a/src/routes/object/getObject.ts b/src/routes/object/getObject.ts
@@ -4,6 +4,7 @@ import { IncomingMessage, Server, ServerResponse } from 'http'
 import { AuthenticatedRangeRequest, Obj } from '../../types/types'
 import { getPostgrestClient, isValidKey, transformPostgrestError } from '../../utils'
 import { getConfig } from '../../utils/config'
+import { normalizeContentType } from '../../utils'
 import { createResponse } from '../../utils/generic-routes'
 import { getObject, initClient } from '../../utils/s3'
 
@@ -69,7 +70,7 @@ async function requestHandler(
 
   response
     .status(data.$metadata.httpStatusCode ?? 200)
-    .header('Content-Type', data.ContentType)
+    .header('Content-Type', normalizeContentType(data.ContentType))
     .header('Cache-Control', data.CacheControl)
     .header('ETag', data.ETag)
     .header('Last-Modified', data.LastModified)

diff --git a/src/routes/object/getPublicObject.ts b/src/routes/object/getPublicObject.ts
@@ -3,6 +3,7 @@ import { FromSchema } from 'json-schema-to-ts'
 import { Bucket } from '../../types/types'
 import { getPostgrestClient, transformPostgrestError } from '../../utils'
 import { getConfig } from '../../utils/config'
+import { normalizeContentType } from '../../utils'
 import { getObject, initClient } from '../../utils/s3'
 
 const { region, projectRef, globalS3Bucket, globalS3Endpoint, serviceKey } = getConfig()
@@ -61,7 +62,7 @@ export default async function routes(fastify: FastifyInstance) {
         const data = await getObject(client, globalS3Bucket, s3Key, range)
         response
           .status(data.$metadata.httpStatusCode ?? 200)
-          .header('Content-Type', data.ContentType)
+          .header('Content-Type', normalizeContentType(data.ContentType))
           .header('Cache-Control', data.CacheControl)
           .header('ETag', data.ETag)
           .header('Last-Modified', data.LastModified)

diff --git a/src/routes/object/getSignedObject.ts b/src/routes/object/getSignedObject.ts
@@ -3,6 +3,7 @@ import { FromSchema } from 'json-schema-to-ts'
 import { SignedToken } from '../../types/types'
 import { verifyJWT } from '../../utils/'
 import { getConfig } from '../../utils/config'
+import { normalizeContentType } from '../../utils'
 import { createResponse } from '../../utils/generic-routes'
 import { getObject, initClient } from '../../utils/s3'
 
@@ -64,7 +65,7 @@ export default async function routes(fastify: FastifyInstance) {
 
         response
           .status(data.$metadata.httpStatusCode ?? 200)
-          .header('Content-Type', data.ContentType)
+          .header('Content-Type', normalizeContentType(data.ContentType))
           .header('Cache-Control', data.CacheControl ?? 'no-cache')
           .header('ETag', data.ETag)
           .header('Last-Modified', data.LastModified)

diff --git a/src/utils/index.ts b/src/utils/index.ts
@@ -67,6 +67,13 @@ export function transformPostgrestError(
   }
 }
 
+export function normalizeContentType(contentType: string | undefined): string | undefined {
+  if (contentType?.includes('text/html')) {
+    return 'text/plain'
+  }
+  return contentType
+}
+
 export function isValidKey(key: string): boolean {
   // only allow s3 safe characters and characters which require special handling for now
   // https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html