im trying to avoid uploads of executables. I’m using this regex: “/^application/(x-dosexec|octet-stream|x-msdownload|vnd.microsoft.portable-executable|x-ms-dos-executable|x-msi)$/i”.
This works fine, as long as there is the right extension like “.exe”. Now I tried to rename the file extension to “.txt”, and it passes to rule.
It seems like the app is checking only the file extension, not the mime-type itself.
Is there any way to block upload for mime-types instead of blocking uploads of the extension?