没有扩展名在网络上投放图像是否安全？ [英] Is it safe to serve an image on the web without an extension?

问题描述

我将所有* .jpg文件视为静态，但我需要动态提供一些。我可以简单地省略扩展名，这样我就不必对我的网址规则感到满意吗？仅仅在标题中设置文件类型是否足够？

I'm treating all *.jpg files as static, but I need to serve a few dynamically. Can I simply omit the extension so I don't have to get fancy with my url rules? Is it enough to just set the file type in the header?

推荐答案

我从来没有遇到过使用动态图像提供动画的问题奇怪的延伸或根本没有延伸。 Querystrings也没问题。

I've never had a problem serving dynamic images with a strange extension or no extension at all. Querystrings are also fine.

标题正确并且二进制文件正确形成就足够了。执行此操作时，请确保还将Content-Disposition设置为合理的文件名，以便人们不要尝试使用疯狂的查询字符串名称下载文件。 （哪些Windows用户将无法保存，因为他们很可能会有？。）

It will be enough for the headers to be correct and the binary file correctly formed. When you do this make sure you also set the Content-Disposition to a reasonable file name so people don't try to download your files with crazy querystring names. (Which windows users will be unable to save since they will most likely have a "?" in them.)

这篇关于没有扩展名在网络上投放图像是否安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！