Open JoshMcCullough opened 5 years ago
I guess this must be an IE issue where it's just reporting the generic application/octet-stream
MIME type for some files that it "doesn't know about" e.g. KMZ/KML. Probably nothing for RC to do here.
Following up on my last thought, it seems bad that RC is limiting based on MIME type rather than simply extension. It relies on the user's system having these MIME types defined, whereas we probably don't care, and there is no guarantee that the file they're uploading actually is of the MIME type, but just that the extension matches and was found in the system's registry.
I suggest that RC should look at the file extension when determining if a file is allows or not. This would be much more flexible.
This is more than an IE issue. IMO RC should not rely on the browser's interpretation of a media type for a give file being uploaded -- it is often wrong or non-existent. For instance, we have some obscure extension (not specific media types) we need to allow users to upload. But we can't since the browser comes up with an empty/null media type (e.g. for the extension "dat" -- which could map to many media types).
If the browser can't determine the media type, RC won't upload the file.
I suggest that RC should allow us to configure allowed file extensions rather than media types as it is far more flexible. Otherwise, RC should do the media type validation on the server side using a library such as tika.
@JoshMcCullough what do you think about this proposal?
https://github.com/RocketChat/Rocket.Chat.Apps-engine/pull/239
I don't have enough background on RC's code to be helpful here, unfortunately.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Don't you dare, bot!
Related to:
Description:
Some MIME types configured in Admin > File Upload are disallowed still in IE11, but allowed in other browsers, e.g. Chrome.
Steps to reproduce:
application/vnd.google-earth.kml+xml,application/vnd.google-earth.kmz
kml
orkmz
extension -- note that the file is rejected / not allowed.Expected behavior:
File types should be honored based on the configuration.
Actual behavior:
Allowed file types are rejected in IE11.
Server Setup Information:
Additional context
Note that the Network tab of IE11's developer tools does not show any network activity, so this rejection is happening locally within the browser as far as I can tell.