[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14490309#comment-14490309 ] Rob Ryan commented on SLING-3829: - [~asanso] in thinking about this filter I don't think it's rejection of '*' to whitelist all mimetypes is appropriate. Given a subtree say /i/am/trusted with appropriate access controls one might wish to serve anything from it, *but* the same might not be said of /i/am/not/trusted... Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Fix For: Security 1.0.10 Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14484993#comment-14484993 ] Antonio Sanso commented on SLING-3829: -- [~alexander.klimetschek] let's track the performance improvement in a new JIRA... Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Fix For: Security 1.0.10 Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14395752#comment-14395752 ] Radu Cotescu commented on SLING-3829: - Yup, it's here - https://github.com/apache/sling/blob/trunk/contrib/extensions/validation/core/src/main/java/org/apache/sling/validation/impl/util/Trie.java. Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Fix For: Security 1.0.10 Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14393316#comment-14393316 ] Robert Munteanu commented on SLING-3829: I recall [~radu.cotescu] mentioning that we have a trie implementation somewhere, maybe in the validation bundle? Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Fix For: Security 1.0.10 Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14393160#comment-14393160
]
Alexander Klimetschek commented on SLING-3829:
--
The Trie concept can still be used for this - that example was just a different
use case. You can check if a leaf node was hit so that the path in the Trie was
a prefix to the string you search for – and if you don't hit a leaf node, you
know it's not a match.
http://www.geeksforgeeks.org/longest-prefix-matching-a-trie-based-solution-in-java/
https://gist.github.com/shawnchin/1607595
https://github.com/eclipse/jetty.project/blob/master/jetty-http/src/main/java/org/eclipse/jetty/http/PathMap.java
Sling might have something like this already for the /etc/map stuff or servlet
resolution... [~fmeschbe] Do you know?
Because this is a filter and we have optimizations like SLING-4544 going on, we
should be careful with the performance. I would argue that the
{{contentDispositionPaths.contains(pathInfo)}} check hurts performance for
99.9% of the requests where it will never match.
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
Fix For: Security 1.0.10
Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14390225#comment-14390225
]
Antonio Sanso commented on SLING-3829:
--
thanks [~cziegeler] you are right.
and thanks [~alexander.klimetschek] for the pointers.
The Trie though seems to be good to solve the inverse problem.
In the example you have
{code}
// Trie of First Name - Person
TrieString, Person trie = new PatriciaTrieString,
Person(StringKeyAnalyzer.INSTANCE);
trie.put(Anna, person1);
trie.put(Alex, person2);
trie.put(Emma, person3);
trie.put(Patrick, person4);
trie.put(William, person5);
// Returns Alex
Map.EntryString, Person entry = trie.select(Al);
{code}
while we need something like
{code}
// Trie of First Name - Person
TrieString, Person trie = new PatriciaTrieString,
Person(StringKeyAnalyzer.INSTANCE);
trie.put(Anna, person1);
trie.put(Alex, person2);
trie.put(Emma, person3);
trie.put(Patrick, person4);
trie.put(William, person5);
// Returns Alex
Map.EntryString, Person entry = trie.select(Alexander);
{code}
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14388688#comment-14388688 ] Carsten Ziegeler commented on SLING-3829: - [~asanso] I think the method setContentType(String type) can be improved. Right now, it's always going through all paths and all prefixes. The method can return as soon as it's calling setContentDisposition for one of the cases. There is no need to further check the other cases Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14389109#comment-14389109
]
Alexander Klimetschek commented on SLING-3829:
--
You should use a [Trie|http://en.wikipedia.org/wiki/Trie] data structure for
that, commons-collections 4.0 has one:
* interface
[Trie|http://commons.apache.org/proper/commons-collections/javadocs/api-release/org/apache/commons/collections4/Trie.html]
and implementation
[PatriciaTrie|http://commons.apache.org/proper/commons-collections/javadocs/api-release/org/apache/commons/collections4/trie/PatriciaTrie.html]
* (I think these should be embedded and inlined in the sling bundle, usually
only commons 3.x is available as bundle in Sling environments).
* example: https://code.google.com/p/patricia-trie/wiki/Examples
* see also
http://stackoverflow.com/questions/5595780/space-efficient-collection-for-strings-with-common-prefixes-java-implementatio
The {{contentDispositionPaths.contains(pathInfo)}} check only happens rarely,
since the root paths that would be configured ({{/content/usergenerated}},
{{/content/dam}}) would rarely be requested directly. The startsWith checks
become costly the more configurations are present.
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
Attachments: ContentDispositionFilter.java, SLING-3829-patch.txt
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14367381#comment-14367381
]
Alexander Klimetschek commented on SLING-3829:
--
What is the {{UniversalExfiltrator.swf}} in the content-disposition header for?
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
Attachments: ContentDispositionFilter.java
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14367389#comment-14367389 ] Antonio Sanso commented on SLING-3829: -- ops sorry it is a refuse... updated the file Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Attachments: ContentDispositionFilter.java In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14367367#comment-14367367 ] Antonio Sanso commented on SLING-3829: -- just in case we still want to go with the original Content-Disposition filter I added a basic strawman patch. This covers only the basic case. E.g. no exception based on content type. Also performance wise there are some concerns. the filter “complexity will be linear to the number of the configuration set in the filter (this can of course be improved) Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor Attachments: ContentDispositionFilter.java In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14357428#comment-14357428
]
Oliver Lietz commented on SLING-3829:
-
A package or project to throw in a blank AEM or Sling to test the rules would
help.
UrlRewriteFilter can be extended with
{{org.tuckey.web.filters.urlrewrite.Rule}}_s_.
We can extend Sling URL Rewriter with a mechanism to feed the {{UrlRewriter}}
with rules (OSGi services).
We need to find out, if these rule services have already access to all required
resources to make a decision if the filter kicks in.
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14336361#comment-14336361 ] Oliver Lietz commented on SLING-3829: - Indeed. Can you provide a package or project for testing? UrlRewriteFilter provides an extension mechanism which could be exploited. Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14336371#comment-14336371 ] Antonio Sanso commented on SLING-3829: -- [~olli] I am not clear what I am supposed to provide. I just used the configuration you suggested above. do you have any further details on this extension and how we can use ? Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14334947#comment-14334947
]
Oliver Lietz commented on SLING-3829:
-
This should work:
{noformat}
?xml version=1.0 encoding=utf-8?
!DOCTYPE urlrewrite PUBLIC -//tuckey.org//DTD UrlRewrite 4.0//EN
http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd;
urlrewrite
rule
from/usergenerated/*/from
set type=response-header name=Content-Dispositionattachment/set
/rule
rule
from/usergenerated/*/from
condition type=header name=Content-Typeimage/jpeg/condition
set type=response-header name=Content-Dispositioninline/set
/rule
/urlrewrite
{noformat}
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14335101#comment-14335101
]
Antonio Sanso commented on SLING-3829:
--
[~olli] thanks for the hint.
It did not work though.
AFAIU from the Turkey documentation
{code}
condition type=header name=Content-Typeimage/jpeg/condition
{code}
content-typeThe type of the imcoming request. (this is probably not that
useful)
i.e. request.getContentType()
when what it matters is the response content type... WDYT? any other idea?
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14333432#comment-14333432 ] Antonio Sanso commented on SLING-3829: -- [~olli] bq. then check for content type in an additional rule any hint on how I can achive this :S ? Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14322710#comment-14322710 ] Oliver Lietz commented on SLING-3829: - Then check for content type in an additional rule and (re)set header there. Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14322676#comment-14322676 ] Antonio Sanso commented on SLING-3829: -- [~olli] bq. You can exclude by extension, no? I wouldn't mix request's extension and response's content type specially on something that is a security concern as this issue Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14321549#comment-14321549
]
Oliver Lietz commented on SLING-3829:
-
You can exclude by extension, no?
Your {{from/}} could look like this: {{(?!.+\.jpg)(/usergenerated/.)}}.
{noformat}
import org.junit.Test;
import org.tuckey.web.filters.urlrewrite.utils.RegexPattern;
import org.tuckey.web.filters.urlrewrite.utils.StringMatchingMatcher;
import org.tuckey.web.filters.urlrewrite.utils.StringMatchingPattern;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
public class PatternMatcherTest {
public static final String FROM = (?!.+\\.jpg)(/usergenerated/.);
@Test
public void testJpg() throws Exception {
final String url = /usergenerated/users/olli/profile.jpg;
final StringMatchingPattern pattern = new RegexPattern(FROM, true);
final StringMatchingMatcher matcher = pattern.matcher(url);
assertFalse(matcher.find());
}
@Test
public void testSwf() throws Exception {
final String url = /usergenerated/users/antonio/profile.swf;
final StringMatchingPattern pattern = new RegexPattern(FROM, true);
final StringMatchingMatcher matcher = pattern.matcher(url);
assertTrue(matcher.find());
}
}
{noformat}
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14320100#comment-14320100
]
Antonio Sanso commented on SLING-3829:
--
[~olli] so I have tried the UrlRewriteFilter and it basically works . Thanks.
One minus side on using it though is this.
I could easily set up to force content disposition attachment for a specific
path e.g.
{code}
?xml version=1.0 encoding=utf-8?!DOCTYPE urlrewrite PUBLIC
-//tuckey.org//DTD UrlRewrite 4.0//EN
http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd;urlrewriterulefrom/usergenerated/*/fromset
type=response-header
name=Content-Dispositionattachment/set/rule /urlrewrite
{code}
It would be harder though to exclude some mime type from the filter (e.g.
image/jpeg). WDYT?
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14278292#comment-14278292
]
Oliver Lietz commented on SLING-3829:
-
{{mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.urlrewritefilter/4.0.4_1}}
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[
https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14276610#comment-14276610
]
Antonio Sanso commented on SLING-3829:
--
[~olli] it looks like an option indeed thanks.
Question: which bundle do you use for
{code}
groupIdorg.tuckey/groupId
artifactIdurlrewritefilter/artifactId
{code}
?
Add support for Content-Disposition attachment
---
Key: SLING-3829
URL: https://issues.apache.org/jira/browse/SLING-3829
Project: Sling
Issue Type: Improvement
Components: Extensions
Reporter: Antonio Sanso
Assignee: Antonio Sanso
Priority: Minor
In some situation will be useful (and safer) to force Content-Disposition
attachment for some Content-Type (configurable ) under some specific (and
sensitive) path (configurable)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14239177#comment-14239177 ] Oliver Lietz commented on SLING-3829: - Should also be possible with [UrlRewriteFilter|http://urlrewritefilter.googlecode.com/svn/trunk/src/doc/manual/4.0/index.html] (SLING-3518), no? Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14235326#comment-14235326 ] Antonio Sanso commented on SLING-3829: -- adding mailing list thread http://sling.markmail.org/thread/2cvh26uo35nk2u73 Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Assignee: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14090320#comment-14090320 ] Antonio Sanso commented on SLING-3829: -- some random thought: for the configurable path filter we need to take in consideration vanityPath/alias and friends... Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (SLING-3829) Add support for Content-Disposition attachment
[ https://issues.apache.org/jira/browse/SLING-3829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14090338#comment-14090338 ] Bertrand Delacretaz commented on SLING-3829: It might be good to clarify the usage scenario that you envision, I'll start a discussion on the dev list. Add support for Content-Disposition attachment --- Key: SLING-3829 URL: https://issues.apache.org/jira/browse/SLING-3829 Project: Sling Issue Type: Improvement Components: Extensions Reporter: Antonio Sanso Priority: Minor In some situation will be useful (and safer) to force Content-Disposition attachment for some Content-Type (configurable ) under some specific (and sensitive) path (configurable) -- This message was sent by Atlassian JIRA (v6.2#6252)
