Adding SVG MIME type for 1und1 Windows Hosting

Tags:
SVG
1&1

External SVG files are not allowed with 1&1 Windows Hosting

Adding external SVG files is more and more populare in resent projects and it will spread the use cases and applications were it can be used.

The Default setting for a 1und1 Windows Hosting packacke don't support SVG-files and show the 404 error page for not found. [1]

One reason why 1und1 SVG files not added in the default web.config files is SVGs can includes CSS and harmful Javascript code.
SVG is an XML-based format for vector graphics. Modern web browsers support it natively and allow it to be styled using CSS and manipulated using JavaScript. It is less well-known that SVG can contain its own JavaScript and can import external scripts and stylesheets. Consequently, from a browser security perspective, SVG must be treated like HTML; treating it like JPEG will lead to great suffering. [2]

A SVG file is canceled, but the MIME-Type is not known

Add the MIME-type in the ASP.NET web.config

Use the mimeMap element between the staticContent and put in in the syste.webServer decleartion.

Remove the extension first, before adding it again. Some errors occurred because each extension can be added once!

	...
	<remove fileExtension=".svg"/>
	<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
	<remove fileExtension=".svgz"/>
	<mimeMap fileExtension=".svgz" mimeType="image/svg+xml" />
	...

Here a sample web.config which you can put on the web-server.

Add the SVG MIME-Type in the web.config, a SVG-file can be loaded as external file


[1] Already configured MIME types for 1und1 Windows Hosting: 1&1 Help Center - Specify Additional MIME Types
[2] Blackhat USA 2014, Rennie DeGraaf (PDF): "SVG: EXPLOITING BROWSERS WITHOUT IMAGE PARSING BUGS"

© Kometschuh.de | Impressum | GitHub | Facebook |