PDFs uploaded to GitLab can't be viewed in browser
Summary
PDFs across GitLab are served as downloads rather than opened inline when clicked.
Steps to reproduce
- Create an issue, attaching a PDF.
- In the resulting issue, click the link for the PDF.
Example Project
https://gitlab.com/john-s-feature-test-group/service-desk-testing/issues/
What is the current bug behavior?
PDF is uploaded to object storage correctly, however it is not viewable in the browser as it is treated as an attachment rather than being rendered inline.
What is the expected correct behavior?
PDF should display in a new browser tab when clicked on.
Possible Fix (from #7105 (comment 254683721))
- Update https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/internal%2Fheaders%2Fcontent_headers.go, adding application/pdf to the list of permitted content types in allowedInlineTypes.
- We might still need to make a change on the Rails side, too.
Relevant logs and/or screenshots
Original issue text
Summary
PDFs emailed in via Service Desk cannot be displayed by clicking on the link due to "Content Security Policy".
Steps to reproduce
Email a PDF to a project using its Service Desk email. In the created issue, the PDF will not be viewable normally due to content security policy.
Example Project
https://gitlab.com/ahanselka/service-desk-test/issues
What is the current bug behavior?
PDF is uploaded to object storage correctly, however it is not viewable in the browser due to content security policy. You CAN download it via right clicking and choosing to save file.
What is the expected correct behavior?
PDF should display properly when clicked on.
Relevant logs and/or screenshots
Refused to load plugin data from 'https://gitlab.com/ahanselka/service-desk-test/uploads/9b149da50455c2c7bf5b4b50a1a2dd15/test-pdf.pdf' because it violates the following Content Security Policy directive: "object-src 'none'".
cc/ @mkozono
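
The allowlist decision that the possible fix describes, as an added example that is not Workhorse's code and not part of the original issue: the served type is sniffed from the bytes, and only allowlisted types get `Content-Disposition: inline`. The names `inlineTypes`, `uploadHeaders` and `allowPDF` are hypothetical, and the sample uploads are constructed.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
)

// inlineTypes is a hypothetical allowlist for this example; it is not the
// contents of Workhorse's allowedInlineTypes.
var inlineTypes = map[string]bool{
	"image/png":  true,
	"image/jpeg": true,
	"text/plain": true,
}

// uploadHeaders decides how an uploaded file is served. The type comes from
// sniffing the bytes, never from the file name, and anything outside the
// allowlist is forced to download. allowPDF models the proposed fix of
// adding application/pdf to the permitted inline types.
func uploadHeaders(body []byte, filename string, allowPDF bool) (string, string) {
	ctype, _, err := mime.ParseMediaType(http.DetectContentType(body))
	if err != nil {
		ctype = "application/octet-stream"
	}
	kind := "attachment"
	if inlineTypes[ctype] || (allowPDF && ctype == "application/pdf") {
		kind = "inline"
	}
	disposition := mime.FormatMediaType(kind, map[string]string{"filename": filename})
	return ctype, disposition
}

func main() {
	// Constructed sample uploads: a PDF header, and HTML renamed to .pdf.
	pdf := []byte("%PDF-1.4\n1 0 obj\n")
	html := []byte("<html><body>not a pdf</body></html>")

	for _, allow := range []bool{false, true} {
		ctype, disp := uploadHeaders(pdf, "test-pdf.pdf", allow)
		fmt.Printf("allowPDF=%v  %s -> %s\n", allow, ctype, disp)
	}
	// The .pdf extension does not earn inline rendering; the sniffed type decides.
	ctype, disp := uploadHeaders(html, "report.pdf", true)
	fmt.Printf("renamed HTML  %s -> %s\n", ctype, disp)
}
```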