From c9d83b5ae61adacd499acb977b63f2c8323d6cd3 Mon Sep 17 00:00:00 2001
From: Josh Qou
Date: Thu, 15 Jun 2023 12:57:02 +0100
Subject: [PATCH] download.go: Fix unsafe disposition type in media api

---
 mediaapi/routing/download.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mediaapi/routing/download.go b/mediaapi/routing/download.go
index e9f161a3c..8fb1b6534 100644
--- a/mediaapi/routing/download.go
+++ b/mediaapi/routing/download.go
@@ -341,6 +341,7 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
 
 	}
 	if len(filename) == 0 {
+		w.Header().Set("Content-Disposition", "attachment")
 		return nil
 	}
 
@@ -376,13 +377,13 @@ func (r *downloadRequest) addDownloadFilenameToHeaders(
 		// that would otherwise be parsed as a control character in the
 		// Content-Disposition header
 		w.Header().Set("Content-Disposition", fmt.Sprintf(
-			`inline; filename=%s%s%s`,
+			`attachment; filename=%s%s%s`,
 			quote, unescaped, quote,
 		))
 	} else {
 		// For UTF-8 filenames, we quote always, as that's the standard
 		w.Header().Set("Content-Disposition", fmt.Sprintf(
-			`inline; filename*=utf-8''%s`,
+			`attachment; filename*=utf-8''%s`,
 			url.QueryEscape(unescaped),
 		))
 	}
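Review bot: The added `w.Header().Set("Content-Disposition", "attachment")` in the empty-filename branch carries no explanation of why the disposition is no longer `inline`, and the same literal is repeated in the two `fmt.Sprintf` formats of the second hunk; a comment above it such as `// Always serve downloads as an attachment so a browser never renders untrusted uploaded content (e.g. HTML or SVG) in the homeserver's origin.` would keep the rationale with the code, and hoisting the literal into one shared const would stop the three sites drifting apart. An attachment disposition on its own still leaves content-type handling to the client; if `X-Content-Type-Options: nosniff` and a restrictive `Content-Security-Policy` are not already set on the download path elsewhere, they are the usual complements to this change. addDownloadFilenameToHeaders begins before this hunk and continues past it.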
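Review bot: In the UTF-8 branch of the second hunk, `url.QueryEscape(unescaped)` encodes a space as `+`, which RFC 5987 ext-value decoding treats as a literal plus sign, so a name like `my file.png` is saved as `my+file.png`; this predates the commit but feeds the `attachment; filename*=utf-8''%s` line it rewrites. Replacing it with `strings.ReplaceAll(url.QueryEscape(unescaped), "+", "%20")` (importing `strings` if it is not already) keeps the rest of the escaping, which also covers `;` and `'`, and fixes the space. The `quote` value used by the ASCII branch is computed outside the hunk, so its handling of `"` and `\` inside the quoted filename cannot be checked from here. The enclosing function continues past the final `}` of this hunk.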