Each Web Application in SharePoint 2010 and 2013 has an AllowedInlineDownloadedMimeTypes property within which a list of trusted file (MIME) types exists. Firstly, there is no “untrusted” list, only a “trusted” list. It is safe to assume that if a MIME type is not included in this list, it is untrusted by default and is subject to the “X-Download-Options: noopen” HTTP Response header. The most common example of this is PDF documents, MIME type “application/pdf”.
In the SharePoint 2010 Management Shell, you can easily find out which types are trusted out of the box by executing the following PowerShell snippet:
Get-SPWebApplication "http://yourwebapplicationurl" | Foreach-Object {$_.AllowedInlineDownloadedMimeTypes}
You could also use the following snippet to achieve the same output:
$webApplication = Get-SPWebApplication "http://yourwebapplicationurl"
$webApplication.AllowedInlineDownloadedMimeTypes
Again, it is important to note that each web application has its own AllowedInlineDownloadedMimeTypes property.
No comments:
Post a Comment