My Rails site allows users to upload documents, I use the attachment_fu plugin. I have a list of allowed content types [MIME] that I allow - standard image formats, Office documents, PDF, etc. I have a user who cannot download any PDF documents because the check is not performed looking in the logs. Attachment_fu considers the MIME type to be "application / x2x-download". User Browser - Firefox on Windows XP. When I try to download the PDF myself using Firefox on OS X or Safari or IE 6/7/8, it works fine. This seems to be just a problem with its browser.
I was looking for this type of MIME and does not seem to exist.
In theory, I could ignore the MIME type that the client reports and try to determine the file myself, perhaps by file -b --mime-type command, but that just seems sarcastic.
Another popular Rails plugin, Paperclip, does not perform MIME authentication itself, and also tries to trust the clientβs browser.
What do you think? Ignore the client and [try] identify the download yourself, or try to find out why this user browser sets the completely invalid MIME type in the first place?
source share