intuitem / ciso-assistant-community

CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec and Audit Management and supporting +37 frameworks worldwide: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDFS-500, DORA, NIST AI RMF, 800-53, 800-171, CyFun, CJIS, AirCyber and so much more
https://intuitem.com
GNU Affero General Public License v3.0

Stop using MIME types to infer attachment file extension on download #328

Closed nas-tabchiche closed 3 weeks ago

nas-tabchiche commented 3 weeks ago

We used to infer the extension of attachments by checking their MIME types. This was unnecessarily complex as you can simply pass the attachment's file name through the Content-Disposition header. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

ab-smith commented 3 weeks ago

Maybe cover xlsx as well since you're at it, or docx; usually all office documents (including some EML), PDF, and be able to support multiple image formats.
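
Passing the stored file name through Content-Disposition, as the PR description proposes, means the header value is built from an uploader-controlled string. The sketch below is an added example, not code from this PR or from CISO Assistant: it uses only the Python standard library, and the function names and sample file names are constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import quote

_CTL = re.compile(r"[\x00-\x1f\x7f]")  # CR, LF and other control characters

# Constructed sample names covering the file types mentioned in the thread.
SAMPLES = ["report.xlsx", "policy.docx", "mail.eml", "scan.pdf", "logo.png"]


def safe_download_name(stored_name: str, default: str = "attachment") -> str:
    """Reduce an uploader-supplied name to a bare file name safe for a header."""
    name = unicodedata.normalize("NFC", stored_name)
    name = _CTL.sub("", name)            # no CR/LF, so no header injection
    name = re.split(r"[\\/]", name)[-1]  # drop any directory component
    name = name.strip(" .")              # no leading/trailing dots or spaces
    return name or default


def content_disposition(stored_name: str) -> str:
    """Build an RFC 6266 value: quoted ASCII fallback plus UTF-8 filename*."""
    name = safe_download_name(stored_name)
    # Fallback for clients without filename* support: non-ASCII becomes "_".
    fallback = name.encode("ascii", "replace").decode("ascii").replace("?", "_")
    # Characters that would break or confuse the quoted-string form.
    fallback = re.sub(r'["\\%;]', "_", fallback)
    # RFC 5987 ext-value: percent-encode everything outside attr-char.
    encoded = quote(name, safe="!#$&+-.^_`|~")
    return f"attachment; filename=\"{fallback}\"; filename*=UTF-8''{encoded}"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(content_disposition(sample))
```

The extension the browser saves is whatever the stored name carries, so no MIME-to-extension mapping is needed for any of these types.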