Merge pull request #1491 from mig5/force_js_mimetype

Force javascript MIME type to work around silly operating system MIME databases
2025-06-07 22:32:58 -04:00 · 2021-12-19 16:08:09 -08:00 · 2021-12-19 16:08:09 -08:00 · a0132faaac
commit a0132faaac
parent 3e8efce2af f5f940d335
5 changed files with 21 additions and 0 deletions
--- a/cli/onionshare_cli/web/web.py
+++ b/cli/onionshare_cli/web/web.py
@ -18,6 +18,7 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """
 import logging
 import mimetypes
 import os
 import queue
 import requests
@ -80,6 +81,16 @@ class Web:
        self.settings = mode_settings
        # Flask guesses the MIME type of files from a database on the operating
        # system.
        # Some operating systems, or applications that can modify the database
        # (such as the Windows Registry) can treat .js files as text/plain,
        # which breaks the chat app due to X-Content-Type-Options: nosniff.
        #
        # It's probably #notourbug but we can fix it by forcing the mimetype.
        # https://github.com/onionshare/onionshare/issues/1443
        mimetypes.add_type('text/javascript', '.js')
        # The flask app
        self.app = Flask(
            __name__,
--- a/desktop/tests/gui_base_test.py
+++ b/desktop/tests/gui_base_test.py
@ -177,6 +177,13 @@ class GuiBaseTest(unittest.TestCase):
        tab.get_mode().toggle_history.click()
        self.assertEqual(tab.get_mode().history.isVisible(), not currently_visible)
    def javascript_is_correct_mime_type(self, tab, file):
        """Test that the javascript file send.js is fetchable and that its MIME type is correct"""
        path = f"{tab.get_mode().web.static_url_path}/js/{file}"
        url = f"http://127.0.0.1:{tab.app.port}/{path}"
        r = requests.get(url)
        self.assertTrue(r.headers["Content-Type"].startswith("text/javascript;"))
    def history_indicator(self, tab, indicator_count="1"):
        """Test that we can make sure the history is toggled off, do an action, and the indicator works"""
        # Make sure history is toggled off
--- a/desktop/tests/test_gui_chat.py
+++ b/desktop/tests/test_gui_chat.py
@ -61,6 +61,7 @@ class TestChat(GuiBaseTest):
        tab = self.new_chat_tab()
        self.run_all_chat_mode_started_tests(tab)
        self.view_chat(tab)
        self.javascript_is_correct_mime_type(tab, "chat.js")
        self.change_username(tab)
        self.run_all_chat_mode_stopping_tests(tab)
        self.close_all_tabs()
--- a/desktop/tests/test_gui_receive.py
+++ b/desktop/tests/test_gui_receive.py
@ -122,6 +122,7 @@ class TestReceive(GuiBaseTest):
    def run_all_receive_mode_tests(self, tab):
        """Submit files and messages in receive mode and stop the share"""
        self.run_all_receive_mode_setup_tests(tab)
        self.javascript_is_correct_mime_type(tab, "receive.js")
        self.upload_file(tab, self.tmpfile_test, "test.txt")
        self.history_widgets_present(tab)
        self.counter_incremented(tab, 1)
--- a/desktop/tests/test_gui_share.py
+++ b/desktop/tests/test_gui_share.py
@ -197,6 +197,7 @@ class TestShare(GuiBaseTest):
            self.tmpfile_test
        )
        self.web_page(tab, "Total size")
        self.javascript_is_correct_mime_type(tab, "send.js")
        self.download_share(tab)
        self.history_widgets_present(tab)
        self.server_is_stopped(tab)