HTTP: Serve raw blobs with application/octet-stream

So we don't get XSSed. Might be useful to use heuristics to detect whether it's displayable as text/plain, though. Fixes: https://todo.sr.ht/~runxiyu/forge/20#event-411435
author: Runxi Yu <me@runxiyu.org> 2025-04-03 18:04:16 +0800
committer: Runxi Yu <me@runxiyu.org> 2025-04-03 18:04:16 +0800
commit: 564ceda1247f444bc7c20c6be01cf71f62c549f1 (patch)
tree: 058c8eb38c1b717ac2453b21aea17e899a9a5b7c /http_handle_repo_raw.go
parent: man: Update lindenii-forge.5 for daemon_path (diff)
download: forge-564ceda1247f444bc7c20c6be01cf71f62c549f1.tar.gz
forge-564ceda1247f444bc7c20c6be01cf71f62c549f1.tar.zst
forge-564ceda1247f444bc7c20c6be01cf71f62c549f1.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/http_handle_repo_raw.go b/http_handle_repo_raw.go
index 4394e18..75296d6 100644
--- a/http_handle_repo_raw.go
+++ b/http_handle_repo_raw.go
@@ -77,6 +77,7 @@ func httpHandleRepoRaw(writer http.ResponseWriter, request *http.Request, params
 			}
 			cost := time.Since(start).Nanoseconds()
 			commitPathFileRawCache.Set(cacheHandle, fileContent, cost)
+			writer.Header().Set("Content-Type", "application/octet-stream")
 			fmt.Fprint(writer, fileContent)
 			return
 		}
author	Runxi Yu <me@runxiyu.org>	2025-04-03 18:04:16 +0800
committer	Runxi Yu <me@runxiyu.org>	2025-04-03 18:04:16 +0800
commit	564ceda1247f444bc7c20c6be01cf71f62c549f1 (patch)
tree	058c8eb38c1b717ac2453b21aea17e899a9a5b7c /http_handle_repo_raw.go
parent	man: Update lindenii-forge.5 for daemon_path (diff)
download	forge-564ceda1247f444bc7c20c6be01cf71f62c549f1.tar.gz forge-564ceda1247f444bc7c20c6be01cf71f62c549f1.tar.zst forge-564ceda1247f444bc7c20c6be01cf71f62c549f1.zip