From ac910ed200c7af9160920b8572da237b6cd7968b Mon Sep 17 00:00:00 2001
From: -LAN- <laipz8200@outlook.com>
Date: Fri, 21 Mar 2025 17:44:13 +0800
Subject: [PATCH] feat: replace file content type to avoid load script in svg.
 (#16454)

Signed-off-by: -LAN- <laipz8200@outlook.com>
---
 api/controllers/files/image_preview.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api/controllers/files/image_preview.py b/api/controllers/files/image_preview.py
index 6f39908b6e..5adfe16a79 100644
--- a/api/controllers/files/image_preview.py
+++ b/api/controllers/files/image_preview.py
@@ -75,6 +75,7 @@ class FilePreviewApi(Resource):
         if args["as_attachment"]:
             encoded_filename = quote(upload_file.name)
             response.headers["Content-Disposition"] = f"attachment; filename*=UTF-8''{encoded_filename}"
+        response.headers["Content-Type"] = "application/octet-stream"
 
         return response