[ https://issues.apache.org/jira/browse/OFBIZ-6702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14989221#comment-14989221 ]
Gareth Carter commented on OFBIZ-6702: -------------------------------------- Here is an interesting link about security https://code.google.com/p/browsersec/wiki/Part2 https://tools.ietf.org/html/rfc6266 {quote} On the other hand, if it matches "inline" (case-insensitively), this implies default processing. Therefore, the disposition type "inline" is only useful when it is augmented with additional parameters, such as the filename (see below). {quote} Seems like specifying inline is the equivalent of not adding Content-Disposition. > Update SimpleContentViewHandler to return mime type on file extension and use > inline for content-disposition > ------------------------------------------------------------------------------------------------------------ > > Key: OFBIZ-6702 > URL: https://issues.apache.org/jira/browse/OFBIZ-6702 > Project: OFBiz > Issue Type: Improvement > Components: content > Affects Versions: Trunk > Reporter: Gareth Carter > Assignee: Jacques Le Roux > Priority: Trivial > Attachments: ContentDisposition.patch, OFBIZ-6702.patch, > SimpleContentViewHandler.java.patch > > > SimpleContentViewHandler will return mime type 'text/html' for all > DataResource values without a specified mimeTypeId. Changing to > DataResourceWorker.getMimeType will allow determining the mimeTypeId by file > extension > Fixing the mime type will allow the browsers to display content inline if > UtilHttp is updated aswell. All unknown extensions will be set to > octet-stream causing the browser to prompt for download -- This message was sent by Atlassian JIRA (v6.3.4#6332)