From 2de28ca5dbd671a4077d7672f9669103ba536e15 Mon Sep 17 00:00:00 2001 From: neri Date: Tue, 22 Nov 2022 20:46:37 +0100 Subject: [PATCH] correct vary header --- src/download.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/download.rs b/src/download.rs index a6a8537..20ddc56 100644 --- a/src/download.rs +++ b/src/download.rs @@ -165,11 +165,11 @@ fn build_file_response( .set_content_disposition(content_disposition); let mut response = file.into_response(req); - add_headers(req, download, &mut response); + append_security_headers(&mut response, req, download); Ok(response) } -fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) { +fn append_security_headers(response: &mut HttpResponse, req: &HttpRequest, download: bool) { // if the browser is trying to fetch this resource in a secure context pretend the reponse is // just binary data so it won't be executed let sec_fetch_mode = req @@ -186,7 +186,7 @@ fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) { // the reponse varies based on these request headers response .headers_mut() - .append(VARY, HeaderValue::from_static("accept, sec-fetch-mode")); + .append(VARY, HeaderValue::from_static("sec-fetch-mode")); } fn get_disposition_params(filename: &str) -> Vec { @@ -229,5 +229,5 @@ fn insert_cache_headers(response: &mut HttpResponse, valid_till: OffsetDateTime) } response .headers_mut() - .insert(VARY, HeaderValue::from_name(ACCEPT)); + .append(VARY, HeaderValue::from_name(ACCEPT)); }