From 4dceedd21147210f0af3153cc9531d3fdc74f404 Mon Sep 17 00:00:00 2001
From: silverwind
Date: Wed, 27 Jul 2022 21:49:11 +0200
Subject: [PATCH] restore setting.UI.SVG.Enabled behaviour

---
 routers/common/repo.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/routers/common/repo.go b/routers/common/repo.go
index a4155e8424ee..a9e80fad48c8 100644
--- a/routers/common/repo.go
+++ b/routers/common/repo.go
@@ -97,8 +97,10 @@ func ServeData(ctx *context.Context, filePath string, size int64, reader io.Read
 	}
 	ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff")
 
+	isSVG := sniffedType.IsSvgImage()
+
 	// serve types that can present a security risk with CSP
-	if sniffedType.IsSvgImage() {
+	if isSVG {
 		ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
 	} else if sniffedType.IsPDF() {
 		// no sandbox attribute for pdf as it breaks rendering in at least safari. this
@@ -107,8 +109,15 @@ func ServeData(ctx *context.Context, filePath string, size int64, reader io.Read
 		ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'")
 	}
 
+	disposition := "inline"
+	if isSVG && !setting.UI.SVG.Enabled {
+		disposition = "attachment"
+	}
+
 	// encode filename per https://datatracker.ietf.org/doc/html/rfc5987
-	ctx.Resp.Header().Set("Content-Disposition", `inline; filename*=UTF-8''`+url.PathEscape(fileName))
+	encodedFileName := `filename*=UTF-8''` + url.PathEscape(fileName)
+
+	ctx.Resp.Header().Set("Content-Disposition", disposition+"; "+encodedFileName)
 	ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
 
 	_, err = ctx.Resp.Write(buf)
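Review bot: The new `disposition` block in the second hunk switches SVG responses to `attachment` when `setting.UI.SVG.Enabled` is false, but nothing in the code says why, and the "encode filename" comment just below is now separated from the header it documents by the `encodedFileName` temporary and a blank line. A short comment above the block, such as `// when SVG rendering is disabled, force a download instead of inline display so the browser never renders the document; the CSP sandbox set above still applies either way`, would make the intent and the layered defence explicit to the next reader. Moving the rfc5987 comment directly onto the `encodedFileName :=` line, or dropping the blank line before the `Set` call, keeps the comment attached to what it describes. The `isSVG` variable introduced in the first hunk is only reused once here, which is fine, but worth a one-line note that it derives from the sniffed content type rather than the file extension, since that is what gates both the CSP and the disposition decision. ServeData begins and ends outside both hunks.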