From cfceeb111ca9ec720d8c90bc7d1bd9131f2a67a0 Mon Sep 17 00:00:00 2001
From: Michael Lazar <mlazar@doctorondemand.com>
Date: Thu, 16 Jul 2020 23:59:15 -0400
Subject: [PATCH] Change unknown file extension mimetype to
 application/octet-stream

---
 CHANGELOG.md           | 4 ++++
 jetforce/app/static.py | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f1b629..ab598d8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@
 - Server access logs are now redirected to ``stdout`` instead of ``stderr``.
   This is intended to make it easier to use a log manager tool to split them
   out from other server messages like startup information and error tracebacks.
+- The default mimetype for unknown file extensions will now be sent as
+  "application/octet-stream" instead of "text/plain". The expectation is that
+  it would be safer for a client to download an unknown file rather than
+  attempting to display it inline as text.
 
 ### v0.5.0 (2020-07-14)
 
diff --git a/jetforce/app/static.py b/jetforce/app/static.py
index ff801af..3d3a980 100644
--- a/jetforce/app/static.py
+++ b/jetforce/app/static.py
@@ -198,7 +198,7 @@ class StaticDirectoryApplication(JetforceApplication):
         if encoding:
             return f"{mime}; charset={encoding}"
         else:
-            return mime or "text/plain"
+            return mime or "application/octet-stream"
 
     def add_extra_parameters(self, meta: str) -> str:
         """