(file: FileResponse)
| 206 | } |
| 207 | |
| 208 | export function createFileResponse(file: FileResponse): NextResponse { |
| 209 | const { contentType, disposition } = getSecureFileHeaders(file.filename, file.contentType) |
| 210 | |
| 211 | const headers: Record<string, string> = { |
| 212 | 'Content-Type': contentType, |
| 213 | 'Content-Disposition': `${disposition}; ${encodeFilenameForHeader(file.filename)}`, |
| 214 | 'Cache-Control': file.cacheControl || 'public, max-age=31536000', |
| 215 | 'X-Content-Type-Options': 'nosniff', |
| 216 | } |
| 217 | |
| 218 | if (contentType === 'image/svg+xml') { |
| 219 | headers['Content-Security-Policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox;" |
| 220 | } |
| 221 | |
| 222 | return new NextResponse(file.buffer as BodyInit, { status: 200, headers }) |
| 223 | } |
| 224 | |
| 225 | export function createErrorResponse(error: Error, status = 500): NextResponse { |
| 226 | const statusCode = |
no test coverage detected