HTTP Connection: Content-Location and Content-Disposition support

[cookiengineer]

The HTTP Content-Location and Content-Disposition headers are currently unsupported. Many download scripts on the server side serve files this way, which means that it's cookie/session dependent and, more importantly, might not be reproducible for other users depending on what the session returned.

In order to minimize the amount of potential reproducibility issues, the current plan is to treat files serving these types of contents as URLs that redirect, and that these files themselves do not serve any content.

Necessary stealth/Request modifications:

• [ ] Content-Location should fire a redirect for the current URL (including its parameters).
• [ ] If Content-Disposition is inline, delete the header and ignore it.
• [ ] If Content-Disposition is attachment, parse out filename= parameter, append it to the current URL, and fire a redirect event.
• [ ] If Content-Disposition is attachment, and both filename* and filename are present as a parameter, delete filename*.
• [ ] If Content-Disposition is attachment, and only filename* is present as a parameter, parse out the header value according to RFC5987.

[LuLuElayne]

This is based on my findings in my own iPhone. It's been done without my permission!