Uses of content-disposition in an HTTP response header

后端 未结 6 456
旧巷少年郎
旧巷少年郎 2020-11-22 11:09

I have found the following asp.net code to be very useful when serving files from a database:

Response.AppendHeader(\"content-disposition\", \"attachment; fi         


        
相关标签:
6条回答
  • 2020-11-22 11:49

    Well, it seems that the Content-Disposition header was originally created for e-mail, not the web. (Link to relevant RFC.)

    I'm guessing that web browsers may respond to

    Response.AppendHeader("content-disposition", "inline; filename=" + fileName);
    

    when saving, but I'm not sure.

    0 讨论(0)
  • 2020-11-22 11:51

    This header is defined in RFC 2183, so that would be the best place to start reading.

    Permitted values are those registered with the Internet Assigned Numbers Authority (IANA); their registry of values should be seen as the definitive source.

    0 讨论(0)
  • 2020-11-22 12:06

    Note that RFC 6266 supersedes the RFCs referenced below. Section 7 outlines some of the related security concerns.

    The authority on the content-disposition header is RFC 1806 and RFC 2183. People have also devised content-disposition hacking. It is important to note that the content-disposition header is not part of the HTTP 1.1 standard.

    The HTTP 1.1 Standard (RFC 2616) also mentions the possible security side effects of content disposition:

    15.5 Content-Disposition Issues

    RFC 1806 [35], from which the often implemented Content-Disposition
    (see section 19.5.1) header in HTTP is derived, has a number of very
    serious security considerations. Content-Disposition is not part of
    the HTTP standard, but since it is widely implemented, we are
    documenting its use and risks for implementors. See RFC 2183 [49]
    (which updates RFC 1806) for details.

    0 讨论(0)
  • 2020-11-22 12:07

    Refer to RFC 6266 (Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)) http://tools.ietf.org/html/rfc6266

    0 讨论(0)
  • 2020-11-22 12:07

    For asp.net users, the .NET framework provides a class to create a content disposition header: System.Net.Mime.ContentDisposition

    Basic usage:

    var cd = new System.Net.Mime.ContentDisposition();
    cd.FileName = "myFile.txt";
    cd.ModificationDate = DateTime.UtcNow;
    cd.Size = 100;
    Response.AppendHeader("content-disposition", cd.ToString());
    
    0 讨论(0)
  • 2020-11-22 12:12

    Thought this KB article on Microsoft support section is related to the discussion here How to raise a file download dialog box for a known mime type

    0 讨论(0)
提交回复
热议问题