Disable werkzeug header generation for files served via mod_xsendfile

For partial content requests, werkzeug's default behaviour is to calculate and add the necessary Content* headers in the response. However, mod-xsendfile, used by SD to deliver files more efficiently, will just pass through requests with pre-existing Content* headers, not even removing the X-Sendfile header used to invoke it. If USE_X_SENDIFLE is set to True in the Flask config, we should stop werkzeug from generating headers, and just let mod_xsendfile do it. (cherry picked from commit 9969e12)
freedomofpress · Jun 25, 2024 · 361fa2c · 361fa2c
1 parent ecabb1a
commit 361fa2c
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/securedrop/journalist_app/utils.py b/securedrop/journalist_app/utils.py
@@ -525,8 +525,13 @@ def col_download_all(cols_selected: List[str]) -> werkzeug.Response:
 
 def serve_file_with_etag(db_obj: Union[Reply, Submission]) -> flask.Response:
     file_path = Storage.get_default().path(db_obj.source.filesystem_id, db_obj.filename)
+    add_range_headers = not current_app.config["USE_X_SENDFILE"]
     response = send_file(
-        file_path, mimetype="application/pgp-encrypted", as_attachment=True, etag=False
+        file_path,
+        mimetype="application/pgp-encrypted",
+        as_attachment=True,
+        etag=False,
+        conditional=add_range_headers,
     )  # Disable Flask default ETag
 
     if not db_obj.checksum: