Tuesday, 30 September 2014

SharePoint Default Trusted file (MIME) types

Each Web Application in SharePoint 2010 and 2013 has an AllowedInlineDownloadedMimeTypes property within which a list of trusted file (MIME) types exists. Firstly, there is no “untrusted” list, only a “trusted” list. It is safe to assume that if a MIME type is not included in this list, it is untrusted by default and is subject to the “X-Download-Options: noopen” HTTP Response header. The most common example of this is PDF documents, MIME type “application/pdf”. 

In the SharePoint 2010 Management Shell, you can easily find out which types are trusted out of the box by executing the following PowerShell snippet:

Get-SPWebApplication "http://yourwebapplicationurl" | Foreach-Object {$_.AllowedInlineDownloadedMimeTypes}

You could also use the following snippet to achieve the same output: 

$webApplication = Get-SPWebApplication "http://yourwebapplicationurl"            

Again, it is important to note that each web application has its own AllowedInlineDownloadedMimeTypes property. 

No comments:

Post a Comment