Enabling a whitelist of acceptable file types

To prevent direct opening of attachments that may contain harmful content, a content-disposition header has been added that instructs the browser to save the file attachment rather than opening it directly.

About this task

The downside of this is that attachments of known file types (jpg, pdf, and so on) that would have opened now requires additional steps for the customer. A whitelist mechanism has been implemented using two notes.ini file variables to allow customers to specify file types that should not be prevented from downloading.