Hi Bertrand,

trying again, it seems my previous mail got lost somewhere :S

On Aug 8, 2014, at 7:43 AM, Bertrand Delacretaz <[email protected]> wrote:

> Hi,
>
> About SLING-3829, what's the suggested usage scenario?
>
> Is that about configuring some request paths, with wildcards, so that
> Content-Disposition:something is added to all responses?

The use case is the following one. Allowing users to upload a file on a sensitive domain is dangerous (e.g. a crafted SWF file). One way to defend against it is to have a sandbox (or subdomain), but this is more an operational defense.

At the application level we can add a filter that forces the file to be downloaded (hence Content-Disposition) for some user-specific paths (e.g. content/forum/comments) and for some specific, configurable content types (e.g. application/x-shockwave-flash).

I hope this sheds some light.

Regards,
Antonio

> It might be good to trigger this based on either request or resource
> path, extension, resource type...I'm not sure, so would appreciate
> more details on the intentions.
>
> -Bertrand
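
Added example, not part of the original message and not Sling's code: a servlet filter of the kind described above, assuming the javax.servlet API and Java 9+. The class name, `PROTECTED_PREFIXES` and `FORCED_TYPES` are hypothetical; their values are the path and content type given as examples in the message.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration, not Sling code. PROTECTED_PREFIXES and FORCED_TYPES are
// hypothetical settings holding the example values from the message.
public class ForceDownloadFilter implements Filter {
    private static final Set<String> PROTECTED_PREFIXES = Set.of("/content/forum/comments");
    private static final Set<String> FORCED_TYPES = Set.of("application/x-shockwave-flash");

    static boolean pathMatches(String path) {
        for (String p : PROTECTED_PREFIXES) {
            // Match the prefix on a segment boundary, not "/content/forum/commentsX".
            if (path.equals(p) || path.startsWith(p + "/")) return true;
        }
        return false;
    }

    static boolean typeMatches(String contentType) {
        if (contentType == null) return false;
        // Compare the media type only: drop parameters such as "; charset=..."
        String media = contentType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        return FORCED_TYPES.contains(media);
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Use the container-decoded path so the prefix check sees the real path.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        if (!pathMatches(path)) { chain.doFilter(req, res); return; }
        // The content type is only known once the downstream servlet sets it,
        // so intercept the setters instead of checking before the chain runs.
        chain.doFilter(req, new HttpServletResponseWrapper((HttpServletResponse) res) {
            @Override public void setContentType(String type) {
                if (typeMatches(type)) super.setHeader("Content-Disposition", "attachment");
                super.setContentType(type);
            }
            @Override public void setHeader(String name, String value) {
                if ("Content-Type".equalsIgnoreCase(name) && typeMatches(value))
                    super.setHeader("Content-Disposition", "attachment");
                super.setHeader(name, value);
            }
        });
    }
}
```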
