ics file mime type

Question

I'm trying to upload an ics file to my site. It was exported from iCal on Mac OSX. I thought that ics files had a mime type of text/calendar, but for some reason this file seems to be of type Application/octet-stream. This makes the upload fail my verification tests. Anyone have any ideas why the type isn't what I expect?!

score 32 · Answer 1 · answered Jan 29 '10 at 18:45

32

Try adding a content-type of text/calendar to the header. If you are just serving it up from Apache you can look for instruction here: http://httpd.apache.org/docs/1.3/mod/mod_mime.html

answered Jan 29 '10 at 18:45

jckdnk111

2,280
5
33
43

1

He is trying to *upload* an ics file. – Pekka Jan 29 '10 at 18:48
18

Ironically, this answer is useful for people like me who Googled the wrong term, but got the correct answer because of his assumption. +1 – QuickDanger Mar 04 '16 at 21:06
3

Thanks! Adding `header("content-type:text/calendar");` worked for me. Cheers. – RockwoodON Jul 27 '17 at 01:18

score 11 · Accepted Answer · answered Jan 29 '10 at 18:24

11

The MIME type is determined by the browser, and seemingly, your browser doesn't know the proper MIME type for an ics file. Never mind, just skip the MIME check and do some structural analysis (Is there a valid header, are any calendar records present, etc.)

The MIME type is of very limited use for validation anyway, as it can be freely modified by the client.

answered Jan 29 '10 at 18:24

Pekka

442,112
142
972
1,088

1

dude, you just said it is determined by the browser but that it can be freely modified by the client - which is it? – jckdnk111 Jan 29 '10 at 18:43
Thanks for that. I'll certainly use a different verification process. However, I'm still a bit confused. If I open the file directly in the browser window it displays the contents correctly. – musoNic80 Jan 29 '10 at 18:44
3

@jckdnk: It is determined by the browser (= the client). It can be faked (=freely modified) by an attacker simulating a browser. What's not clear to you? – Pekka Jan 29 '10 at 18:47
@musoNic80: Could that be because it uses the file extension to determine the type? – Pekka Jan 29 '10 at 18:47
Manual detection of the mime type via regular expressions, etc. is very expensive. There is an older, deprecated function for checking MIME types (mime_content_type) that was replaced by a PECL package that is much faster. This should be used rather than manual checking. – Andrew Sledge Jan 29 '10 at 18:51
@Pekka You tell me!!! I think it's probably best that I check the file extension and details in the content, as you suggested earlier. Are there any other checks I could do to make sure the file is safe before I open it to check the contents? – musoNic80 Jan 29 '10 at 19:04
What kind of file is ics? XML based? If it is, I don't think there is much that can go wrong even if somebody would try to upload a malicious file: The XML just wouldn't be rendered. – Pekka Jan 29 '10 at 20:25
@Pekka: I missed that he / she was uploading and therefore was the client / not the server. It was my misunderstanding. – jckdnk111 Jan 29 '10 at 21:44

score 1 · Answer 3 · answered Jun 06 '12 at 18:27

I'll add my two cents. Browsers in general look at the headers the server sends them to determine MIME type. If no MIME type is sent by the server, good browsers guess, all IE generally do not. The link to the apache docs above posted by jckdnk111 is a good resource.

ics file mime type

3 Answers3

Linked