Fix HTTP headers when downloading files (#2031)

#1796 introduced the usage of
Laravel's `Storage::download()` helper, which forced the browser to
download all files by default. This change was inconvenient for many
users who wanted to view simple text files.

This PR modifies the HTTP headers such that text files will be opened in
the browser, and binary files will be downloaded in all major browsers.
By setting the content-type to `text/plain`, the possibility of XSS
attacks is mitigated.

---------

Co-authored-by: Zack Galbreath <zack.galbreath@kitware.com>

Author: williamjallen

app/Http/Controllers/BuildController.php

@@ -26,7 +26,7 @@
 use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\View\View;
-use Symfony\Component\HttpFoundation\StreamedResponse;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
 use PDO;
 
 require_once 'include/repository.php';
@@ -846,7 +846,7 @@ public function files(int $build_id): View
             ->with('urls', $urls);
     }
 
-    public function build_file(int $build_id, int $file_id) : StreamedResponse
+    public function build_file(int $build_id, int $file_id): BinaryFileResponse
     {
         $this->setBuildById($build_id);
 
@@ -858,7 +858,10 @@ public function build_file(int $build_id, int $file_id) : StreamedResponse
         $uploadFile = new UploadFile();
         $uploadFile->Id = $file_id;
         $uploadFile->Fill();
-        return Storage::download("upload/{$uploadFile->Sha1Sum}", $uploadFile->Filename);
+        return response()->file(Storage::path("upload/{$uploadFile->Sha1Sum}"), [
+            "Content-Type" => "text/plain",
+            "Content-Disposition" => "inline/attachment; filename={$uploadFile->Filename}",
+        ]);
     }
 
     public function ajaxBuildNote(): View