To correctly detect content type of file in some cases file extension should be used in addition to magic detection. Such cases include custom extensions with .zip contents, .dotx / .docx files which have same magic signature, and others.
This approach keeps protection from spoofing intact, which would not be guaranteed if Marcel::MimeType.for were used.
This should also resolve issues described in #2704
To correctly detect content type of file in some cases file extension should be used in addition to magic detection. Such cases include custom extensions with .zip contents, .dotx / .docx files which have same magic signature, and others.
This approach keeps protection from spoofing intact, which would not be guaranteed if
Marcel::MimeType.for
were used.This should also resolve issues described in #2704