Uses of content-disposition in an HTTP response header

Question

I have found the following asp.net code to be very useful when serving files from a database:

Response.AppendHeader("content-disposition", "attachment; filename=" + fileName);

This lets the user save the file to their computer and then decide how to use it, instead of the browser trying to use the file.

What other things can be done with the content-disposition response header?

Recommended answer

Note that RFC 6266 supersedes the RFCs referenced below. Section 7 outlines some of the related security concerns.

The authority on the content-disposition header is RFC 1806 and RFC 2183. People have also devised content-disposition hacking. It is important to note that the content-disposition header is not part of the HTTP 1.1 standard.

The HTTP 1.1 Standard (RFC 2616) also mentions the possible security side effects of content disposition:

15.5 Content-Disposition Issues

RFC 1806 [35], from which the often implemented Content-Disposition
(see section 19.5.1) header in HTTP is derived, has a number of very
serious security considerations. Content-Disposition is not part of
the HTTP standard, but since it is widely implemented, we are
documenting its use and risks for implementors. See RFC 2183 [49]
(which updates RFC 1806) for details.
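
The header line in the question concatenates `fileName` straight into the value. As an added example (not part of the original question or answer), here is one way to build that value so a name read from the database cannot inject a header line or a path, using the `filename` and `filename*` forms that RFC 6266 defines. The class and method names are hypothetical, and the sample names in `Main` are constructed.

```csharp
using System;
using System.Linq;
using System.Text;

// Hypothetical helper, not from the page: builds a Content-Disposition value
// from an untrusted file name.
public static class ContentDispositionBuilder
{
    public static string Attachment(string untrustedName)
    {
        // Keep only the last path segment so "..\..\x" or "/etc/x" cannot suggest a directory.
        string name = (untrustedName ?? "").Replace('\\', '/');
        name = name.Substring(name.LastIndexOf('/') + 1);

        // Drop control characters (CR/LF would start a new header line), then trim dots and spaces.
        name = new string(name.Where(c => !char.IsControl(c)).ToArray()).Trim(' ', '.');
        if (name.Length == 0) name = "download";

        // ASCII fallback for the quoted-string form: replace non-ASCII, quote, backslash and percent.
        string ascii = new string(name
            .Select(c => (c > 0x7E || c == '"' || c == '\\' || c == '%') ? '_' : c)
            .ToArray());

        // filename* form: UTF-8 bytes, percent-encoded unless they are RFC 5987 attr-char.
        const string attrChars = "!#$&+-.^_`|~";
        var ext = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(name))
        {
            char ch = (char)b;
            bool safe = b < 0x80 && (char.IsLetterOrDigit(ch) || attrChars.IndexOf(ch) >= 0);
            if (safe) ext.Append(ch);
            else ext.Append('%').Append(b.ToString("X2"));
        }

        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + ext;
    }

    public static void Main()
    {
        // Constructed sample inputs: plain, path traversal, CR/LF injection, non-ASCII with quotes.
        string[] samples = { "report.pdf", "..\\..\\evil.exe", "a\r\nSet-Cookie: x=1", "résumé \"final\".doc" };
        foreach (string n in samples)
            Console.WriteLine(Attachment(n));
        // In the page's handler the call would be:
        // Response.AppendHeader("content-disposition", ContentDispositionBuilder.Attachment(fileName));
    }
}
```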