回形针：内容类型欺骗尝试上传.gpx文件

Question

道歉，如果这已被回答，我没有找到它。任何方向将不胜感激。

使用Rails 4.1.4，Paperclip 4.2.0和Simple Form 3.0.2。

Submit之后，我得到了has an extension that does not match its contents输出的错误信息。

在服务器窗口：

Started POST "/routes" for 127.0.0.1 at 2014-08-28 15:18:25 +0700 
Processing by RoutesController#create as HTML 
Parameters: {"utf8"=>"✓", "authenticity_token"=>"5BCHGBkwQH4mlnTVjy/PpD53mJKJpSmBXwXT/oul7yY=", "route"=>{"track_attributes"=>{"gpx"=>#<ActionDispatch::Http::UploadedFile:0x007fa89c9cd348 @tempfile=#<Tempfile:/var/folders/_g/6shs5yrj36n960wpt880ysl80000gn/T/RackMultipart20140828-42106-vi71nb>, @original_filename="Serge's tracks.gpx", @content_type="application/octet-stream", @headers="Content-Disposition: form-data; name=\"route[track_attributes][gpx]\"; filename=\"Serge's tracks.gpx\"\r\nContent-Type: application/octet-stream\r\n">}, "title"=>"Serge track", "description"=>"loop of hang dong", "distance"=>"", "total_ascent"=>""}, "commit"=>"Create Route"} 
Command :: file -b --mime '/var/folders/_g/6shs5yrj36n960wpt880ysl80000gn/T/f55fe48e09c9cc3ee6c6271fe94f407520140828-42106-1hgpby7.gpx' 
[paperclip] Content Type Spoof: Filename Serge's_tracks.gpx ([]), content type discovered from file command: application/xml. See documentation to allow this combination. 
(0.3ms) BEGIN 
Command :: file -b --mime '/var/folders/_g/6shs5yrj36n960wpt880ysl80000gn/T/f55fe48e09c9cc3ee6c6271fe94f407520140828-42106-62bkvh.gpx' 
[paperclip] Content Type Spoof: Filename Serge's_tracks.gpx ([]), content type discovered from file command: application/xml. See documentation to allow this combination. 
(0.8ms) ROLLBACK 

我一直没能找到说，在文档回形针文档。 运行file Serge\'s\ tracks.gpx --mime-type -b产生application/xml

我的MVC是这样的：

class Track < ActiveRecord::Base 
    belongs_to :route 
    has_attached_file :gpx 
    validates_attachment_content_type :gpx, :content_type => /application\/xml/ 
end 

class Route < ActiveRecord::Base 
    has_one :track, dependent: :destroy 
    accepts_nested_attributes_for :track 
    validates :title, presence: true 
end 

内RoutesController

def new 
    @route  = Route.new 
    @route.track = Track.new 
end 

def create 
    @route = Route.new(route_params) 
end 

def route_params 
    params.require(:route).permit(:title, :description, :distance, :total_ascent, track_attributes: [:gpx]) 
end 

的simple_form：

= simple_form_for @route do |r| 
    = r.simple_fields_for :track do |t| 
    = t.input :gpx 
    = r.input :title 
    = r.input :description 
    = r.input :distance 
    = r.input :total_ascent 
    = r.button :submit 

Answer 1

在本文章中提到：Paperclip gem spoofing error?和这篇文章http://robots.thoughtbot.com/prevent-spoofing-with-paperclip，通过显然绕过由Paperclip调用的命令file -b --mime-type解决了问题。

为此，我在config/initializers中创建了一个paperclip.rb文件。

Paperclip.options[:content_type_mappings] = { 
    :gpx => 'application/xml' 
} 

虽然问题解决了，我仍然困惑，为什么这个问题时，file命令返回一个正确的结果，同时也好奇其中的PARAMS的@content_type="application/octet-stream"是来自存在。