Rob Ryan created SLING-6271:
-------------------------------
Summary: ContentDispositionFilter can suppress content type upon
request forwarding
Key: SLING-6271
URL: https://issues.apache.org/jira/browse/SLING-6271
Project: Sling
Issue Type: Bug
Components: Extensions
Affects Versions: Security 1.1.0
Reporter: Rob Ryan
In SLING-4604 Alessandro Bonfatti noted a use case whereby a response would
contain no Content-Type header despite a similar non-forwarded request would
have a Content-Type. He further traced it to the ContentDispositionFilter and
the change where I introduced a shortcut in cases the same content type was
being set repeatedly.
The scenario is:
setContentType is called
RequestDispatcher.forward is used to forward a request to a new servlet for
further handling.
setContentType is called.
As of SLING-4604, the second setContentType call will be ignored if it sets the
same content type. But even if it *is* the same, setContentType needs to be
called again because request forwarding clears all headers with
response.reset().
I will attach two patches, one (simple) very simple, and the best performing.
The other (conservative) is more complex, but should still perform adequately
and is conservative in the following senses:
It will always call super.setContentType when its setContentType is invoked.
On each setContentType it will re-apply the Content-Disposition header if there
is not one present and the 'attachment' value is called for by the
configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
