275 spoofingdetection issue #278
Conversation
| @@ -213,7 +213,7 @@ | |||
| describe '#allowing + #rejecting' do | |||
| let(:model_attribute) { :allowing_one } | |||
| let(:allowed_type) { 'image/png' } | |||
| let(:not_allowed_type) { 'video/mkv' } | |||
There was a problem hiding this comment.
video/mkv is not a valid content_type, video/x-matroska is, with .mkv extension
| @@ -229,8 +229,8 @@ | |||
|
|
|||
| describe '#allowing + #rejecting + #with_message' do | |||
| let(:model_attribute) { :allowing_one_with_message } | |||
| let(:allowed_type) { 'file/pdf' } | |||
There was a problem hiding this comment.
file/pdf is not a valid content_type, application/pdf is
| @@ -27,7 +27,7 @@ def most_common_mime_types | |||
| # Audio | |||
| { mime_type: "audio/mpeg", extension: "mp3" }, | |||
| { mime_type: "audio/mp4", extension: "m4a" }, | |||
| { mime_type: "audio/wav", extension: "wav" }, | |||
There was a problem hiding this comment.
audio/wav is not a valid content_type, audio/x-wav is
|
FYI @MaksJS, should be merged and release soon |
Version 1.3.1 of active_storage_validations makes the validation of document type stricter to improve spoofing detection. One impact of this is that a docx file is rejected when uploaded with the document type application/msword. The correct type is application/vnd.openxmlformats-officedocument.wordprocessingml.document Ref: igorkasyanchuk/active_storage_validations#278
|
My validations stopped working properly when upgrading from 1.3.0 to 1.3.1. It might be caused by this PR as it seems the only major change. I'm still investigating what exactly is going wrong, but accepted content types are reported as being invalid. I think Notice the last line has |
| require_relative 'concerns/symbolizable.rb' | ||
|
|
||
| module ActiveStorageValidations | ||
| class ProcessableImageValidator < ActiveModel::EachValidator # :nodoc | ||
| include ActiveStorageable | ||
| include Attachable |
There was a problem hiding this comment.
I have a concern in my application located in app/models/concerns/attachable, and since Zeitwerk has a special case for the concerns/*.rb directory when autoloading/eager loading,
==> it picks up this gem's before mine
lib/active_storage_validations/concerns/attachable.rb ( probably because active_storage_validations comes before app alphabetically )
Do you think it's possible to rename the directory concerns to something else please? @igorkasyanchuk
There was a problem hiding this comment.
As a workaround, I need to do this for now include ::Attachable in my models :/
There was a problem hiding this comment.
Hi @chaadow,
I did not think Zeitwerk would pick up the gem concerns... That's something I was unaware of, I am going to fix this issue. You can still downgrade to v1.3.0 while waiting the fix. :)
There was a problem hiding this comment.
Issue #281 opened to solve this
@marckohlbrugge issue #282 opened to discuss your issue |
Version 1.3.1 of active_storage_validations makes the validation of document type stricter to improve spoofing detection. One impact of this is that a docx file is rejected when uploaded with the document type application/msword. The correct type is application/vnd.openxmlformats-officedocument.wordprocessingml.document Ref: igorkasyanchuk/active_storage_validations#278
Version 1.3.1 of active_storage_validations makes the validation of document type stricter to improve spoofing detection. One impact of this is that a docx file is rejected when uploaded with the document type application/msword. The correct type is application/vnd.openxmlformats-officedocument.wordprocessingml.document Ref: igorkasyanchuk/active_storage_validations#278
This was a pretty heavy PR to make 😅. But damn it was worth it!