Stan Hu · 41b51c06 · cb7853a6 · 9b27bb8c · 1c760934 · cc5e7309
--- a/app/controllers/concerns/send_file_upload.rb

+ 10

− 3
+++ b/app/controllers/concerns/send_file_upload.rb

+ 10

− 3
 @@ -3,18 +3,25 @@
 @@ -3,18 +3,25 @@
 module SendFileUpload
  def send_upload(file_upload, send_params: {}, redirect_params: {}, attachment: nil, proxy: false, disposition: 'attachment')
    if attachment
-      disposition = ::Gitlab::ContentDisposition.format(disposition: disposition, filename: attachment)
+      response_disposition = ::Gitlab::ContentDisposition.format(disposition: 'attachment', filename: attachment)
      # Response-Content-Type will not override an existing Content-Type in
      # Google Cloud Storage, so the metadata needs to be cleared on GCS for
      # this to work. However, this override works with AWS.
-      redirect_params[:query] = { "response-content-disposition" => disposition,
+      redirect_params[:query] = { "response-content-disposition" => response_disposition,
                                  "response-content-type" => guess_content_type(attachment) }
      # By default, Rails will send uploads with an extension of .js with a
      # content-type of text/javascript, which will trigger Rails'
      # cross-origin JavaScript protection.
      send_params[:content_type] = 'text/plain' if File.extname(attachment) == '.js'
-      send_params.merge!(filename: attachment, disposition: disposition)
+      # Rails 5 will append an extra `; filename#{filename}` here:
+      # https://github.com/rails/rails/blob/v5.0.7/actionpack/lib/action_controller/metal/data_streaming.rb#L137
+      # We're including the full Content-Disposition because we want the
+      # properly encoded field.  Rails 6 will have
+      # https://github.com/rails/rails/pull/33829, and we can simplify
+      # the disposition argument to `attachment`.
+      send_params.merge!(filename: attachment, disposition: response_disposition)
    end
    if file_upload.file_storage?