Uses of content-disposition in an HTTP response header


Question

I have found the following asp.net code to be very useful when serving files from a database:

Response.AppendHeader("content-disposition", "attachment; filename=" + fileName);

This lets the user save the file to their computer and then decide how to use it, instead of the browser trying to use the file.

What other things can be done with the content-disposition response header?

Recommended answer

The authority on the content-disposition header is RFC 1806 and RFC 2183. People have also devised content-disposition hacking. It is important to note that the content-disposition header is not part of the HTTP 1.1 standard.

The HTTP 1.1 Standard (RFC 2616) also mentions the possible security side effects of content disposition:


15.5 Content-Disposition Issues

RFC 1806 [35], from which the often implemented Content-Disposition
(see section 19.5.1) header in HTTP is derived, has a number of very
serious security considerations. Content-Disposition is not part of
the HTTP standard, but since it is widely implemented, we are
documenting its use and risks for implementors. See RFC 2183 [49]
(which updates RFC 1806) for details.

Note that RFC 6266 supersedes the RFCs referenced below. Section 7 outlines some of the related security concerns.
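
An added example, not part of the original question or answer: one way to build the header value from the question's `fileName` when that name comes from untrusted data, emitting both the quoted `filename` parameter and the RFC 6266 `filename*` form. The class and method names are hypothetical and the sample inputs are constructed.

```csharp
using System;
using System.Linq;
using System.Text;

public static class ContentDispositionBuilder
{
    // Builds an "attachment" header value from an untrusted file name
    // (for example, one stored in the database by another user).
    public static string BuildAttachment(string untrustedName)
    {
        // Keep only the last path segment so directory parts cannot survive.
        string name = (untrustedName ?? "").Replace('\\', '/');
        name = name.Substring(name.LastIndexOf('/') + 1);

        // Drop control characters (CR and LF would break the header line),
        // then trim leading and trailing spaces and dots.
        name = new string(name.Where(c => !char.IsControl(c)).ToArray()).Trim(' ', '.');
        if (name.Length == 0) name = "download";

        // ASCII fallback for the quoted "filename" parameter: replace anything
        // outside printable ASCII, plus the quote and backslash characters.
        string ascii = new string(name.Select(c =>
            (c < 0x20 || c > 0x7E || c == '"' || c == '\\') ? '_' : c).ToArray());

        // "filename*" value: UTF-8 bytes, percent-encoded except RFC 5987 attr-chars.
        var encoded = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(name))
        {
            char c = (char)b;
            bool attrChar = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                            || (c >= '0' && c <= '9') || "!#$&+-.^_`|~".IndexOf(c) >= 0;
            if (attrChar) encoded.Append(c);
            else encoded.Append('%').Append(b.ToString("X2"));
        }

        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + encoded;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        Console.WriteLine(BuildAttachment("report 2024.pdf"));
        Console.WriteLine(BuildAttachment("..\\..\\invoice\r\n.pdf"));
        Console.WriteLine(BuildAttachment("résumé.docx"));
    }
}
```

The result can be passed as the second argument of the `Response.AppendHeader("content-disposition", ...)` call shown in the question.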
