don't leak mimetype for encrypted attachments

2020-11-13 19:10:04 +01:00 · 2020-11-13 19:10:04 +01:00 · 262cc8936e
parent 96e46d154c
commit 262cc8936e
2 changed files with 3 additions and 3 deletions
--- a/src/matrix/e2ee/attachment.js
+++ b/src/matrix/e2ee/attachment.js
@ -65,7 +65,7 @@ export async function encryptAttachment(platform, blob) {
    const ciphertext = await crypto.aes.encryptCTR({jwkKey: key, iv, data: buffer});
    const digest = await crypto.digest("SHA-256", ciphertext);
    return {
-        blob: platform.createBlob(ciphertext, blob.mimeType),
+        blob: platform.createBlob(ciphertext, 'application/octet-stream'),
        info: {
            v: "v2",
            key,
--- a/src/matrix/room/AttachmentUpload.js
+++ b/src/matrix/room/AttachmentUpload.js
@ -98,10 +98,10 @@ export class AttachmentUpload {
        }
        let prefix = urlPath.substr(0, urlPath.lastIndexOf("url"));
        setPath(`${prefix}info.size`, content, this._transferredBlob.size);
-        setPath(`${prefix}info.mimetype`, content, this._unencryptedBlob.mimeType);
+        setPath(`${prefix}info.mimetype`, content, this._transferredBlob.mimeType);
        if (this._isEncrypted) {
            setPath(`${prefix}file`, content, Object.assign(this._encryptionInfo, {
-                mimetype: this._unencryptedBlob.mimeType,
+                mimetype: this._transferredBlob.mimeType,
                url: this._mxcUrl
            }));
        } else {