The latest version is breaking my app. I am uploading a pem file and it is asking me to set some content type.
I added this
validates_attachment_content_type :cert, :content_type => ["text/plain"]
and still it fails to add it to the database. Any reason why? I had to go back to the 3.3 version.
There is a blog post from the 14th explaining that the release of paperclip 4.0 has an important security update to avoid spoofing.
In there is says
“… we’re also turning on a new requirement: You must have a content type or filename validation, or you must explicitly opt-out of it.”
class ActiveRecord::Base
has_attached_file :avatar
# Validate content type
validates_attachment_content_type :avatar, :content_type => /\Aimage/
# Validate filename
validates_attachment_file_name :avatar, :matches => [/png\Z/, /jpe?g\Z/]
# Explicitly do not validate
do_not_validate_attachment_file_type :avatar
end
There is even a comment at the bottom concerning your exact situation involving .pem files:
“Immediately, some users reported problems with the spoof detection added in 4.0. In order to fix this, we released 4.1 that added an option called :content_type_mappings that will allow you to specify an extension that cannot otherwise be mapped. For example:”
Paperclip.options[:content_type_mappings] = {
:pem => "text/plain"
}
where do i put this code?
Paperclip.options[:content_type_mappings] = {
:pem => "text/plain"
}
That would go in config/initializers/paperclip.rb
So is this right?
class AppleSetting < ActiveRecord::Base
has_attached_file :cert
validates_attachment_content_type :cert, :content_type => ["text/plain"]
end