-
Scott Dutton authoredCurrently if the following situation happens Server generates preview Server has command removed which allows a preview to be shown Client asks for preview, gets a 404 error when preview exists (Mime checked before preview) This happens more often with documents, or video as the commands are not native PHP, they require a binary on the server. After the fix the following would happen Server generates preview Server has command removed which allows a preview to be shown Client asks for preview, gets preview which has been generated (Mime checked after preview) This would also allow offline generation (for example a docker image containing the extra binaries), allowing a reduction in attack surface of the instance serving the preview data. Signed-off-by:
Scott Dutton <scott@exussum.co.uk>Scott Dutton authoredCurrently if the following situation happens Server generates preview Server has command removed which allows a preview to be shown Client asks for preview, gets a 404 error when preview exists (Mime checked before preview) This happens more often with documents, or video as the commands are not native PHP, they require a binary on the server. After the fix the following would happen Server generates preview Server has command removed which allows a preview to be shown Client asks for preview, gets preview which has been generated (Mime checked after preview) This would also allow offline generation (for example a docker image containing the extra binaries), allowing a reduction in attack surface of the instance serving the preview data. Signed-off-by:Scott Dutton <scott@exussum.co.uk>