IO-3340 Resolve unenforced content-type

2025-08-28 15:07:18 -07:00
parent cfdfb8110b
commit 7a383aaec9
2 changed files with 18 additions and 3 deletions
--- a/client/src/components/documents-upload-imgproxy/documents-upload-imgproxy.utility.js
+++ b/client/src/components/documents-upload-imgproxy/documents-upload-imgproxy.utility.js
@@ -67,11 +67,14 @@ export const uploadToS3 = async (
  }

  //Key should be same as we provided to maintain backwards compatibility.
-  const { presignedUrl: preSignedUploadUrlToS3, key: s3Key } = signedURLResponse.data.signedUrls[0];
+  const { presignedUrl: preSignedUploadUrlToS3, key: s3Key, contentType } = signedURLResponse.data.signedUrls[0];

  const options = {
    onUploadProgress: (e) => {
      if (onProgress) onProgress({ percent: (e.loaded / e.total) * 100 });
+    },
+    headers: {
+      ...contentType ? { "Content-Type": fileType } : {}
    }
  };

--- a/server/media/imgproxy-media.js
+++ b/server/media/imgproxy-media.js
@@ -58,8 +58,20 @@ const generateSignedUploadUrls = async (req, res) => {
      }
      
      const command = new PutObjectCommand(commandParams);
-      const presignedUrl = await getSignedUrl(client, command, { expiresIn: 360 });
-      signedUrls.push({ filename, presignedUrl, key });
+
+      // For PDFs, we need to add conditions to the presigned URL to enforce content type
+      const presignedUrlOptions = { expiresIn: 360 };
+      if (isPdf) {
+        presignedUrlOptions.signableHeaders = new Set(['content-type']);
+      }
+
+      const presignedUrl = await getSignedUrl(client, command, presignedUrlOptions);
+      signedUrls.push({
+        filename,
+        presignedUrl,
+        key,
+        ...(isPdf && { contentType: "application/pdf" })
+      });
    }

    logger.log("imgproxy-upload-success", "DEBUG", req.user?.email, jobid, { signedUrls });