Paperclip latest version

(Charlieanna) #1

The latest version is breaking my app. I am uploading a pem file and it is asking me to set some content type.
I added this

 validates_attachment_content_type :cert, :content_type => ["text/plain"]

and still it fails to add it to the database. Any reason why? I had to go back to the 3.3 version.

(Matthew Sumner) #2

There is a blog post from the 14th explaining that the release of paperclip 4.0 has an important security update to avoid spoofing.

In there it says

“… we’re also turning on a new requirement: You must have a content type or filename validation, or you must explicitly opt-out of it.”

class ActiveRecord::Base
  has_attached_file :avatar

  # Validate content type
  validates_attachment_content_type :avatar, :content_type => /\Aimage/

  # Validate filename
  validates_attachment_file_name :avatar, :matches => [/png\Z/, /jpe?g\Z/]

  # Explicitly do not validate
  do_not_validate_attachment_file_type :avatar
end

There is even a comment at the bottom concerning your exact situation involving .pem files:

“Immediately, some users reported problems with the spoof detection added in 4.0. In order to fix this, we released 4.1 that added an option called :content_type_mappings that will allow you to specify an extension that cannot otherwise be mapped. For example:”

Paperclip.options[:content_type_mappings] = {
  :pem => "text/plain"
}
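
A simplified model of the check this thread is about, added here as an example (it is not Paperclip's code and not from the blog post): an upload is rejected when the type implied by its extension disagrees with the type found in its content, unless a content type mapping names exactly that type. The extension table, `sniff`, `spoofed?` and `MAPPINGS` are hypothetical stand-ins, and the sample files are constructed.

```ruby
# Simplified model of extension-vs-content spoof checking. Hypothetical
# stand-in code; it does not call Paperclip.
PNG_MAGIC = "\x89PNG\r\n\x1a\n".b

# Constructed extension table; "pem" is deliberately absent (unmappable).
EXTENSION_TYPES = {
  "png"  => ["image/png"],
  "txt"  => ["text/plain"],
  "html" => ["text/html"]
}.freeze

# Same shape as the initializer setting quoted in the thread.
MAPPINGS = { :pem => "text/plain" }.freeze

# Constructed sample uploads.
SAMPLE_PEM  = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_HTML = "<html><script>/* constructed */</script></html>"
SAMPLE_PNG  = PNG_MAGIC + "\x00\x00\x00\rIHDR".b

# Guess a media type from the bytes alone, ignoring the filename.
def sniff(content)
  bytes = content.b
  return "image/png" if bytes.start_with?(PNG_MAGIC)
  return "text/html" if bytes.match?(/\A\s*<(!doctype|html|script)/i)
  return "text/plain" if bytes.match?(/\A[\t\n\r\x20-\x7e]*\z/)
  "application/octet-stream"
end

# True when the upload should be rejected.
def spoofed?(filename, content, mappings = {})
  ext = File.extname(filename).delete(".").downcase
  return false if ext.empty? # no extension, so no claimed type to check
  detected = sniff(content)
  return false if EXTENSION_TYPES.fetch(ext, []).include?(detected)
  # Extension and content disagree: only an explicit mapping that names
  # the detected type lets the file through.
  mappings[ext.to_sym] != detected
end

if __FILE__ == $PROGRAM_NAME
  [["cert.pem", SAMPLE_PEM, {}], ["cert.pem", SAMPLE_PEM, MAPPINGS],
   ["avatar.png", SAMPLE_HTML, MAPPINGS], ["cert.pem", SAMPLE_PNG, MAPPINGS]].each do |name, body, map|
    puts "#{name} #{map.inspect}: #{spoofed?(name, body, map) ? 'rejected' : 'accepted'}"
  end
end
```

In this model the mapping admits only the one type it names for that extension, so the `.pem` entry does not loosen the check for other extensions or for non-text content.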

(Charlieanna) #3

Where do I put this code?

Paperclip.options[:content_type_mappings] = {
  :pem => "text/plain"
}

(Sean Griffin) #4

That would go in config/initializers/paperclip.rb

(Charlieanna) #5

So is this right?

class AppleSetting < ActiveRecord::Base
  has_attached_file :cert
  validates_attachment_content_type :cert, :content_type => ["text/plain"]
end