From d38a1fc851ef03f45849804ceddd5fc9a5e788dc Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Wed, 6 Dec 2017 17:12:00 -0500
Subject: [PATCH] Ensure user files are always sent with the Content-Disposition header

This prevents them from being executed in the browser directly

Fixes https://jira.coreos.com/browse/QS-84
---
 data/userfiles.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/userfiles.py b/data/userfiles.py
index f048a4f62..9d2ea8a2b 100644
--- a/data/userfiles.py
+++ b/data/userfiles.py
@@ -30,7 +30,8 @@ class UserfilesHandlers(View):
 file_stream = self._storage.stream_read_file(self._locations, path)
 buffered = BufferedReader(file_stream)
 file_header_bytes = buffered.peek(1024)
- return send_file(buffered, mimetype=self._magic.from_buffer(file_header_bytes))
+ return send_file(buffered, mimetype=self._magic.from_buffer(file_header_bytes),
+ as_attachment=True, attachment_filename=file_id)
 except IOError:
 logger.exception('Error reading user file')
 abort(404)
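Review bot: The value placed into the Content-Disposition filename parameter on the new `+` lines is `file_id`, which is not defined inside the hunk (the enclosing method of UserfilesHandlers starts above it), so whether it is a server-generated identifier or a string the caller controls cannot be confirmed from this diff; Werkzeug quotes the filename parameter and refuses header values containing newlines, but that should be checked against the Flask/Werkzeug versions this project pins. The mimetype is still taken from libmagic sniffing the first 1024 bytes of user-uploaded content, so the response remains typed by whatever the uploader supplied; `as_attachment=True` stops inline rendering, and sending `X-Content-Type-Options: nosniff` alongside it would also stop browsers from second-guessing the declared type. That is a three-line change in place of the new return: `response = send_file(buffered, mimetype=self._magic.from_buffer(file_header_bytes), as_attachment=True, attachment_filename=file_id)`, `response.headers['X-Content-Type-Options'] = 'nosniff'`, `return response`.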