From 7a383aaec98a4315914820960cb65351330edfa1 Mon Sep 17 00:00:00 2001 From: Patrick Fic Date: Thu, 28 Aug 2025 15:07:18 -0700 Subject: [PATCH] IO-3340 Resolve unenforced content-type --- .../documents-upload-imgproxy.utility.js | 5 ++++- server/media/imgproxy-media.js | 16 ++++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/client/src/components/documents-upload-imgproxy/documents-upload-imgproxy.utility.js b/client/src/components/documents-upload-imgproxy/documents-upload-imgproxy.utility.js index 7ecbd50bb..000871efe 100644 --- a/client/src/components/documents-upload-imgproxy/documents-upload-imgproxy.utility.js +++ b/client/src/components/documents-upload-imgproxy/documents-upload-imgproxy.utility.js @@ -67,11 +67,14 @@ export const uploadToS3 = async ( } //Key should be same as we provided to maintain backwards compatibility. - const { presignedUrl: preSignedUploadUrlToS3, key: s3Key } = signedURLResponse.data.signedUrls[0]; + const { presignedUrl: preSignedUploadUrlToS3, key: s3Key, contentType } = signedURLResponse.data.signedUrls[0]; const options = { onUploadProgress: (e) => { if (onProgress) onProgress({ percent: (e.loaded / e.total) * 100 }); + }, + headers: { + ...contentType ? { "Content-Type": fileType } : {} } }; diff --git a/server/media/imgproxy-media.js b/server/media/imgproxy-media.js index 7a2b1ebfb..85bc3393f 100644 --- a/server/media/imgproxy-media.js +++ b/server/media/imgproxy-media.js @@ -58,8 +58,20 @@ const generateSignedUploadUrls = async (req, res) => { } const command = new PutObjectCommand(commandParams); - const presignedUrl = await getSignedUrl(client, command, { expiresIn: 360 }); - signedUrls.push({ filename, presignedUrl, key }); + + // For PDFs, we need to add conditions to the presigned URL to enforce content type + const presignedUrlOptions = { expiresIn: 360 }; + if (isPdf) { + presignedUrlOptions.signableHeaders = new Set(['content-type']); + } + + const presignedUrl = await getSignedUrl(client, command, presignedUrlOptions); + signedUrls.push({ + filename, + presignedUrl, + key, + ...(isPdf && { contentType: "application/pdf" }) + }); } logger.log("imgproxy-upload-success", "DEBUG", req.user?.email, jobid, { signedUrls });