You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2016/11/16 12:55:58 UTC
[jira] [Resolved] (SLING-6271) ContentDispositionFilter can
suppress content type upon request forwarding
[ https://issues.apache.org/jira/browse/SLING-6271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Antonio Sanso resolved SLING-6271.
----------------------------------
Resolution: Fixed
Fix Version/s: Security 1.1.2
fixed in rev. r1769970. Applied patch from [~rryan[~rryan@adobe.com] (the simple one). Thanks
> ContentDispositionFilter can suppress content type upon request forwarding
> --------------------------------------------------------------------------
>
> Key: SLING-6271
> URL: https://issues.apache.org/jira/browse/SLING-6271
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Security 1.1.0
> Reporter: Rob Ryan
> Assignee: Antonio Sanso
> Fix For: Security 1.1.2
>
> Attachments: conservative.patch.txt, simple.patch.txt
>
>
> In SLING-4604 Alessandro Bonfatti noted a use case whereby a response would contain no Content-Type header despite a similar non-forwarded request would have a Content-Type. He further traced it to the ContentDispositionFilter and the change where I introduced a shortcut in cases the same content type was being set repeatedly.
> The scenario is:
> setContentType is called
> RequestDispatcher.forward is used to forward a request to a new servlet for further handling.
> setContentType is called.
> As of SLING-4604, the second setContentType call will be ignored if it sets the same content type. But even if it *is* the same, setContentType needs to be called again because request forwarding clears all headers with response.reset().
> I will attach two patches, one (simple) very simple, and the best performing. The other (conservative) is more complex, but should still perform adequately and is conservative in the following senses:
> It will always call super.setContentType when its setContentType is invoked.
> On each setContentType it will re-apply the Content-Disposition header if there is not one present and the 'attachment' value is called for by the configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)