files: Don't use canonical path when serving file (#2156)

actix-files/CHANGES.md

@@ -1,6 +1,9 @@
 # Changes
 
 ## Unreleased - 2021-xx-xx
+* For symbolic links, `Content-Disposition` header no longer shows the filename of the original file. [#2156]
+
+[#2156]: https://github.com/actix/actix-web/pull/2156
 
 
 ## 0.6.0-beta.4 - 2021-04-02

actix-files/src/lib.rs

@@ -754,4 +754,19 @@ mod tests {
         let res = test::call_service(&srv, req).await;
         assert_eq!(res.status(), StatusCode::OK);
     }
+
+    #[actix_rt::test]
+    async fn test_symlinks() {
+        let srv = test::init_service(App::new().service(Files::new("test", "."))).await;
+
+        let req = TestRequest::get()
+            .uri("/test/tests/symlink-test.png")
+            .to_request();
+        let res = test::call_service(&srv, req).await;
+        assert_eq!(res.status(), StatusCode::OK);
+        assert_eq!(
+            res.headers().get(header::CONTENT_DISPOSITION).unwrap(),
+            "inline; filename=\"symlink-test.png\""
+        );
+    }
 }

actix-files/src/service.rs

@@ -83,10 +83,10 @@ impl Service<ServiceRequest> for FilesService {
             };
 
         // full file path
-        let path = match self.directory.join(&real_path).canonicalize() {
-            Ok(path) => path,
-            Err(err) => return Box::pin(self.handle_err(err, req)),
-        };
+        let path = self.directory.join(&real_path);
+        if let Err(err) = path.canonicalize() {
+            return Box::pin(self.handle_err(err, req));
+        }
 
         if path.is_dir() {
             if let Some(ref redir_index) = self.index {

actix-files/tests/symlink-test.png

@@ -0,0 +1 @@
+test.png