[
https://issues.apache.org/jira/browse/OFBIZ-6702?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14989221#comment-14989221
]
Gareth Carter commented on OFBIZ-6702:
--------------------------------------
Here is an interesting link about security
https://code.google.com/p/browsersec/wiki/Part2
https://tools.ietf.org/html/rfc6266
{quote}
On the other hand, if it matches "inline" (case-insensitively), this
implies default processing. Therefore, the disposition type "inline"
is only useful when it is augmented with additional parameters, such
as the filename (see below).
{quote}
Seems like specifying inline is the equivalent of not adding
Content-Disposition.
> Update SimpleContentViewHandler to return mime type on file extension and use
> inline for content-disposition
> ------------------------------------------------------------------------------------------------------------
>
> Key: OFBIZ-6702
> URL: https://issues.apache.org/jira/browse/OFBIZ-6702
> Project: OFBiz
> Issue Type: Improvement
> Components: content
> Affects Versions: Trunk
> Reporter: Gareth Carter
> Assignee: Jacques Le Roux
> Priority: Trivial
> Attachments: ContentDisposition.patch, OFBIZ-6702.patch,
> SimpleContentViewHandler.java.patch
>
>
> SimpleContentViewHandler will return mime type 'text/html' for all
> DataResource values without a specified mimeTypeId. Changing to
> DataResourceWorker.getMimeType will allow determining the mimeTypeId by file
> extension
> Fixing the mime type will allow the browsers to display content inline if
> UtilHttp is updated aswell. All unknown extensions will be set to
> octet-stream causing the browser to prompt for download
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
