S3 files have wrong Content-Type and cause browser opaque resource blocking #19729
Description
Describe the bug
Files uploaded to S3 (Ceph in my case) via Authentik all seem to have the content-type binary/octet-stream. Since X-Content-Type-Options is set to nosniff by default, my browser blocks all icon requests with the message A resource is blocked by OpaqueResponseBlocking, please check browser console for details.
How to reproduce
- Configure Authentik S3 with Ceph backend
- Upload an image, such as an svg
- File will have
Content-Type: binary/octet-stream
Expected behavior
The file should have the appropriate mime type, such as image/svg+xml.
One thing to note is that Authentik's UI shows the correct mime type, however it doesn't publish that to the S3 during upload. Perhaps during a file upload, Authentik can set the content-type header to the detected mime type from the file extension. Alternatively, an additional input field can be added, which is prepopulated with the detected mime type upon file selection to allow for editing if the extension mime type is incorrect.
Screenshots
No response
Additional context
Ceph Content-Type upload documentation
AWS Content-Type upload documentation
Both appear to be fully compatible in this case and simply want the Content-Type header to be set.
Deployment Method
Kubernetes
Version
2025.12.1
Relevant log output
Metadata
Metadata
Assignees
Type
Projects
Status