Allow WebP and SVG content types in PhotoCache

[Peque]

• Resolves: Image not shown when using WebP instead of JPEG contacts#4190

Summary

It seems like CardDAV's PhotoCache is currently only supporting PNG, JPEG, GIF and ICO images.

Nextcloud intercepts GET requests on addressbook URLs ending with ?photo, and uses ALLOWED_CONTENT_TYPES to set the type name, returning 404 if the content type is not supported (not part of the allowed content types struct).

Checklist

• Code is properly formatted
• Sign-off message is added to all commits
• (N/A) Tests (unit, integration, api and/or acceptance) are included
• (N/A) Screenshots before/after for front-end changes
• Documentation (manuals or wiki) has been updated or is not required
• Backports requested where applicable (ex: critical bugfixes)

[SebastianKrupinski]

@Peque that you for the PR.

I don't see any issues merging this PR other than our CI might not pass due to it coming from a fork. Stay tuned.

[st3iny]

Allowing webp images is fine.

However, allowing SVGs is a bit tricky because they pose security risks. They may contain arbitrary JavaScript code, which will be executed when they are rendered inline.

In avatars, they are only rendered using <img> tags which is mostly safe but I would still prefer to not allow them in the photo cache.

---

And yeah, we probably need to create another PR in the org to fix CI.

[Peque]

@st3iny I understand your concern. I removed SVG support from the MR so that, at least, WebP is supported (also updated the commit subject accordingly). 😊

[Peque]

@SebastianKrupinski @st3iny Friendly ping. 😇

[st3iny]

Tested and works. Thank you very much :)

[st3iny]

Continued here: #48943

[github-actions]

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)