Macro-enabled Excel workbooks incorrectly identified as non-macro-enabled content type #115

@timfrazee

Marcel version: 1.0.4
Ruby version: 3.2.3
Rails version: 7.1.3.2

Issue:

Uploading a .xlsm file (Excel macro-enabled workbook). ActionDispatch::Http::UploadedFile carries the correct content-type definition of application/vnd.ms-excel.sheet.macroenabled.12.

Marcel::MimeType#for and Marcel::Magic.by_magic for this file return application/vnd.openxmlformats-officedocument.spreadsheetml.sheet, the expected content-type for a non-macro-enabled workbook.

This causes problems when uploading .xlsm files to S3, which uses the content type to determine the extension of the file upon download. As a result, uploaded .xlsm files are being downloaded from S3 as .xlsx files, which refuse to open due to the incorrect content type.

At a glance, it appears that application/vnd.ms-excel.sheet.macroenabled.12 isn't provided as an option in Marcel::MAGIC.

Workaround:

As a workaround, one can pass the extension only, which does produce the correct content-type. However, there are obvious security risks around this approach.
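An added example, not part of the original issue and not Marcel's code: one way to tell `.xlsm` from `.xlsx` by content rather than by extension is to read the package's `[Content_Types].xml` and look at the main workbook part's declared type, then accept the extension only when it agrees. The helper names, the minimal stdlib-only ZIP reader (no ZIP64, no encryption) and the hand-built sample package are assumptions made for this sketch; templates and `.xlsb` are not covered.

```ruby
require "zlib"
XLSX = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
XLSM = "application/vnd.ms-excel.sheet.macroenabled.12"
SHEET_MAIN = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
MACRO_MAIN = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"

# Read one member from a ZIP held in a binary string, via the central directory.
def zip_member(bytes, wanted, max_compressed: 1 << 20)
  eocd = bytes.rindex("PK\x05\x06".b) or return nil
  count, _cd_size, pos = bytes[eocd + 10, 10].unpack("vVV")
  count.times do
    return nil unless bytes[pos, 4] == "PK\x01\x02".b
    comp, csize = bytes[pos + 10, 14].unpack("vx8V")
    nlen, xlen, clen, local = bytes[pos + 28, 18].unpack("vvvx8V")
    if bytes[pos + 46, nlen] == wanted.b
      return nil if csize > max_compressed # bounds input only; cap inflated size too in production
      lnlen, lxlen = bytes[local + 26, 4].unpack("vv")
      raw = bytes[local + 30 + lnlen + lxlen, csize]
      return comp == 8 ? Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw) : (raw if comp.zero?)
    end
    pos += 46 + nlen + xlen + clen
  end
  nil
rescue NoMethodError, TypeError, Zlib::Error
  nil # truncated or malformed archive
end

# Classify the workbook from its declared main part, not from the file name.
def ooxml_spreadsheet_type(bytes)
  types = zip_member(bytes, "[Content_Types].xml")&.downcase or return nil
  return XLSM if types.include?(MACRO_MAIN.downcase)
  XLSX if types.include?(SHEET_MAIN.downcase)
end

# True only when the upload's extension agrees with the type found in the content.
def consistent_upload?(filename, bytes)
  expected = { ".xlsx" => XLSX, ".xlsm" => XLSM }[File.extname(filename).downcase]
  !expected.nil? && expected == ooxml_spreadsheet_type(bytes)
end

# Constructed sample: a one-member stored (uncompressed) ZIP built by hand for the demo.
def sample_package(main_type)
  name = "[Content_Types].xml".b
  data = %(<Types><Override PartName="/xl/workbook.xml" ContentType="#{main_type}"/></Types>).b
  head = [0, 0, 0, 0, Zlib.crc32(data), data.size, data.size, name.size, 0].pack("vvvvVVVvv")
  local = "PK\x03\x04".b + [20].pack("v") + head + name + data
  central = "PK\x01\x02".b + [20, 20].pack("vv") + head + [0, 0, 0, 0, 0].pack("vvvVV") + name
  local + central + "PK\x05\x06".b + [0, 0, 1, 1, central.size, local.size, 0].pack("vvvvVVv")
end
```

With this check, a file named `report.xlsx` whose package declares the macro-enabled main part is rejected instead of being stored under the non-macro content type.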
