You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Matt Ryan (JIRA)" <ji...@apache.org> on 2019/03/02 02:47:00 UTC
[jira] [Resolved] (OAK-8013) [Direct Binary Access]
DataRecordDownloadOptions creates invalid Content-Disposition headers
[ https://issues.apache.org/jira/browse/OAK-8013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Ryan resolved OAK-8013.
----------------------------
Resolution: Fixed
Fix Version/s: 1.10.2
> [Direct Binary Access] DataRecordDownloadOptions creates invalid Content-Disposition headers
> --------------------------------------------------------------------------------------------
>
> Key: OAK-8013
> URL: https://issues.apache.org/jira/browse/OAK-8013
> Project: Jackrabbit Oak
> Issue Type: Bug
> Components: blob-plugins
> Reporter: Alexander Klimetschek
> Assignee: Matt Ryan
> Priority: Major
> Fix For: 1.12, 1.10.2
>
>
> DataRecordDownloadOptions always adds the extended parameter filename* to the header, [without any escaping|https://github.com/apache/jackrabbit-oak/blob/trunk/oak-blob-plugins/src/main/java/org/apache/jackrabbit/oak/plugins/blob/datastore/directaccess/DataRecordDownloadOptions.java#L130].
> Such extended parameters must not include spaces (and only a small predefined list of basic ascii chars), otherwise they have to be percent encoded. The RFC is https://tools.ietf.org/html/rfc5987 and note the definition of value-chars in the grammar.
> Because of this, if a filename includes a space or another character that must be percent encoded, this currently creates an invalid header that fails to be parsed by other clients.
> See also https://github.com/jshttp/content-disposition/issues/24
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)