search

AdobeDocs / experience-manager-65.en

This is the repository for Adobe Experience Manager 6.5 documentation. Your contributions to the documentation are welcome.
https://experienceleague.adobe.com/en/docs/experience-manager-65
Other
73 stars 114 forks source link

This description of Content-Disposition configuration is not clear #449

Open johnb4 opened 1 year ago

johnb4 commented 1 year ago

Issue in ./help/sites-administering/content-disposition-filter.md

There are two OSGi configurations that affect the "Content-Disposition" response header in AEM. This doc only mentions one of them, namely "Apache Sling Content Disposition Filter" (org.apache.sling.security.impl.ContentDispositionFilter). The description of the fields for this config is not clear. Here's a more precise definition (from Jira GRANITE-34680):

The Included Resource Paths & Content Types configuration is used to list the content on which this filter will be applied, i.e filter will block the access. And if Enable For All Resource Paths flag is true, the filter will be applied to all resources except resource paths mentioned in Excluded Resource Paths configuration ignoring anything present in Included Resource Paths & Content Types.

So, If you want a PDF to be opened in the browser inline, that PDF's absolute path should be added in the Excluded Resource Paths configuration.

The other OSGi configuration that affects Content-Disposition is "Dam Safe Binary Filter" (com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter). This config defines the mimetypes served with the response header "Content-Disposition: attachment". The first one Blacklisted Mime Types really means "Set Content-Disposition response header to 'attachment' for these mime types". It has the default values "text/html", "application/octet-stream", and "image/svg+xml". The second one (Allow unknown mime types), the checkbox, can be interpreted as: If there is no mime type defined on the asset, then (1) if enabled, set Content-Disposition = inline, (2) if disabled, set Content-Disposition = attachment.

If you have a static HTML asset that you have stored in the DAM and desire that .html file to be rendered inline and not downloaded as an attachment, the Enable For All Resource Paths checkbox needs to be disabled (unchecked) in the "Apache Sling Content Disposition Filter" config and the value "text/html" needs to removed from the list of Blacklisted Mime Types in the "Dam Safe Binary Filter" config.

johnb4 commented 1 year ago

If you want a pdf to be opened in the browser inline, that pdf's absolute path should be added in the Excluded Resource Paths configuration, appended with "/jcr:content/renditions/original". An example: "/content/dam/folder1/file-xyz.pdf/jcr:content/renditions/original"

anujkapo commented 1 year ago

Thanks, @johnb4. We will look into it.

anujkapo commented 1 year ago

@adobe export issue to Jira project CQDOC

github-jira-sync-bot commented 1 year ago

:white_check_mark: Jira issue CQDOC-20810 is successfully created for this GitHub issue.