From 4b6cd397fce884c38f7d130872fecc54e52caed2 Mon Sep 17 00:00:00 2001
From: Tyrone Yeh
Date: Fri, 22 Jul 2022 22:20:35 +0800
Subject: [PATCH 1/2] Add condition for pdf file type
---
 routers/common/repo.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/routers/common/repo.go b/routers/common/repo.go
index b3cd749115fb1..8727d517b962f 100644
--- a/routers/common/repo.go
+++ b/routers/common/repo.go
@@ -89,11 +89,13 @@ func ServeData(ctx *context.Context, name string, size int64, reader io.Reader)
 if (st.IsImage() || st.IsPDF()) && (setting.UI.SVG.Enabled || !st.IsSvgImage()) {
 ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
 if st.IsSvgImage() || st.IsPDF() {
- ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
+ if !st.IsPDF() {
+ ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
+ }
 ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff")
 if st.IsSvgImage() {
 ctx.Resp.Header().Set("Content-Type", typesniffer.SvgMimeType)
- } else {
+ } else if mappedMimeType == "" {
 ctx.Resp.Header().Set("Content-Type", typesniffer.ApplicationOctetStream)
 }
 }
From 76331e7e79dc1a051a22468aac77fb1141414364 Mon Sep 17 00:00:00 2001
From: Tyrone Yeh
Date: Sat, 23 Jul 2022 07:42:29 +0800
Subject: [PATCH 2/2] Remove or isPDF in condition
---
 routers/common/repo.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/routers/common/repo.go b/routers/common/repo.go
index 8727d517b962f..c127dcbc23caa 100644
--- a/routers/common/repo.go
+++ b/routers/common/repo.go
@@ -88,14 +88,12 @@ func ServeData(ctx *context.Context, name string, size int64, reader io.Reader)
 }
 if (st.IsImage() || st.IsPDF()) && (setting.UI.SVG.Enabled || !st.IsSvgImage()) {
 ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
- if st.IsSvgImage() || st.IsPDF() {
- if !st.IsPDF() {
- ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
- }
+ if st.IsSvgImage() {
+ ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
 ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff")
 if st.IsSvgImage() {
 ctx.Resp.Header().Set("Content-Type", typesniffer.SvgMimeType)
- } else if mappedMimeType == "" {
+ } else {
 ctx.Resp.Header().Set("Content-Type", typesniffer.ApplicationOctetStream)
 }
 }
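Review bot: After this hunk the inner `if st.IsSvgImage() { … } else { … }` sits inside an outer `if st.IsSvgImage()`, so the `else` branch that sets `typesniffer.ApplicationOctetStream` can no longer run; the three lines reduce to `ctx.Resp.Header().Set("Content-Type", typesniffer.SvgMimeType)`. Narrowing the outer condition also means a PDF is now sent `inline` with neither the sandboxing `Content-Security-Policy` nor `X-Content-Type-Options: nosniff`, even though it is repository content served through the same handler as the SVG case. If the CSP was dropped because the browser's PDF viewer does not render under `sandbox` (my reading of the two commits, not stated in them), a comment such as `// PDF: sandbox CSP omitted so the browser viewer can render it` would record that, and the `nosniff` line could move above the `if st.IsSvgImage()` block so PDFs keep it. ServeData begins and ends outside the hunk, so which Content-Type a PDF finally gets is not visible here and should be confirmed before relying on `nosniff`.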