rails / marcel

Find the mime type of files, examining file, filename and declared type
Apache License 2.0

Macro-enabled Excel workbooks incorrectly identified as non-macro-enabled content type #115

Open timfrazee opened 1 month ago

timfrazee commented 1 month ago

Marcel version: 1.0.4
Ruby version: 3.2.3
Rails version: 7.1.3.2

Issue:

Uploading a .xlsm file (Excel macro-enabled workbook). ActionDispatch::Http::UploadedFile carries the correct content-type definition of application/vnd.ms-excel.sheet.macroenabled.12.

Marcel::MimeType#for and Marcel::Magic.by_magic for this file return application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, the expected content-type for a non-macro-enabled workbook.

This causes problems when uploading .xlsm files to S3, which uses the content type to determine the extension of the file upon download. As a result, uploaded .xlsm files are being downloaded from S3 as .xlsx files, which refuse to open due to the incorrect content type.

At a glance, it appears that application/vnd.ms-excel.sheet.macroenabled.12 isn't provided as an option in Marcel::MAGIC.

Workaround:

As a workaround, one can pass the extension only, which does produce the correct content-type. However, there are obvious security risks around this approach.
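Given the risk noted with the extension-only workaround, one way to cross-check the filename against the file's content before choosing a content type. This is an added example, not part of the issue or of Marcel's code: `zip_entry_names`, `classify_workbook` and `build_zip` are hypothetical helpers, the sample archive is constructed, and treating `xl/vbaProject.bin` (the conventional part name) as the macro marker is a heuristic assumption.

```ruby
XLSX = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
XLSM = "application/vnd.ms-excel.sheet.macroenabled.12"

# Entry names from the ZIP central directory (names are stored uncompressed there).
def zip_entry_names(data)
  data = data.b
  eocd = data.rindex("PK\x05\x06") or return []           # end-of-central-directory record
  total, _size, offset = data.byteslice(eocd + 10, 10).to_s.unpack("vVV")
  return [] unless offset
  names = []
  total.times do
    break unless data.byteslice(offset, 4) == "PK\x01\x02" # central file header
    nlen, elen, clen = data.byteslice(offset + 28, 6).to_s.unpack("v3")
    break unless clen
    names << data.byteslice(offset + 46, nlen).to_s
    offset += 46 + nlen + elen + clen
  end
  names
end

# Use the extension only after the content confirms a spreadsheet package,
# and report when the extension and the content disagree.
def classify_workbook(data, filename)
  names = zip_entry_names(data)
  unless names.include?("xl/workbook.xml")
    return { type: nil, macros: false, consistent: false }
  end
  macros = names.any? { |n| n.casecmp?("xl/vbaProject.bin") } # heuristic marker
  ext = File.extname(filename).downcase
  type = (macros || ext == ".xlsm") ? XLSM : XLSX
  { type: type, macros: macros,
    consistent: ext == ".xlsm" || (ext == ".xlsx" && !macros) }
end

# Constructed sample: a minimal ZIP whose entries are stored and empty.
def build_zip(names)
  local = "".b
  central = "".b
  names.each do |n|
    offset = local.bytesize
    local << ["PK\x03\x04", 20, 0, 0, 0, 0, 0, 0, 0, n.bytesize, 0].pack("a4v5V3v2") << n
    central << ["PK\x01\x02", 20, 20, 0, 0, 0, 0, 0, 0, 0, n.bytesize,
                0, 0, 0, 0, 0, offset].pack("a4v6V3v5V2") << n
  end
  local + central + ["PK\x05\x06", 0, 0, names.size, names.size,
                     central.bytesize, local.bytesize, 0].pack("a4v4V2v")
end

sample = build_zip(["[Content_Types].xml", "xl/workbook.xml", "xl/vbaProject.bin"])
p classify_workbook(sample, "report.xlsx") # macro content behind an .xlsx name
```

A result with `consistent: false` is the case to reject or quarantine rather than store under the declared type.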