Content-Disposition is an optional header and allows the sender to indicate a default archival disposition; a filename. The optional "filename" parameter provides for this.
It is response-type header. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm. It is a general type header that allows the sender or client to specify options that are desired for that particular connection.
Note that RFC 6266 supersedes the RFCs referenced below. Section 7 outlines some of the related security concerns.
The authority on the content-disposition header is RFC 1806 and RFC 2183. People have also devised content-disposition hacking. It is important to note that the content-disposition header is not part of the HTTP 1.1 standard.
The HTTP 1.1 Standard (RFC 2616) also mentions the possible security side effects of content disposition:
15.5 Content-Disposition Issues
RFC 1806 [35], from which the often implemented Content-Disposition
(see section 19.5.1) header in HTTP is derived, has a number of very
serious security considerations. Content-Disposition is not part of
the HTTP standard, but since it is widely implemented, we are
documenting its use and risks for implementors. See RFC 2183 [49]
(which updates RFC 1806) for details.
Well, it seems that the Content-Disposition header was originally created for e-mail, not the web. (Link to relevant RFC.)
I'm guessing that web browsers may respond to
Response.AppendHeader("content-disposition", "inline; filename=" + fileName);
when saving, but I'm not sure.
Refer to RFC 6266 (Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)) https://www.rfc-editor.org/rfc/rfc6266
For asp.net users, the .NET framework provides a class to create a content disposition header: System.Net.Mime.ContentDisposition
Basic usage:
var cd = new System.Net.Mime.ContentDisposition();
cd.FileName = "myFile.txt";
cd.ModificationDate = DateTime.UtcNow;
cd.Size = 100;
Response.AppendHeader("content-disposition", cd.ToString());
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With