Markus Mahlmann created CXF-9207:
------------------------------------
Summary: Improve multipart Content-Disposition formatting
(optional space after form-data;) for better interoperability with strict WAFs
Key: CXF-9207
URL: https://issues.apache.org/jira/browse/CXF-9207
Project: CXF
Issue Type: Improvement
Affects Versions: 4.1.5
Reporter: Markus Mahlmann
We are using Apache CXF to send multipart/form-data requests, and we noticed
that CXF currently generates {{Content-Disposition}} headers without a space
after {{{}form-data;{}}}. For example, one of the parts is sent as:
{code:java}
Content-Disposition: form-data;name="issuer" {code}
According to the relevant RFCs, this is perfectly valid and
standards-compliant. However, our customer has a Web Application Firewall (WAF)
in front of their system that expects a space after {{form-data;}} and rejects
requests that do not follow this exact formatting.
So we need it to be:
{code:java}
Content-Disposition: form-data; name="issuer" {code}
In addition, most public examples of {{Content-Disposition}} headers (for
instance in the MDN documentation:
[https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Disposition#examples])
also include a space after {{form-data}}
It would be very helpful from an interoperability perspective if CXF could:
* either add a space after {{form-data;}} in the {{Content-Disposition}}
header by default, or
* provide a configuration option / extension point that allows customizing the
exact formatting of the {{Content-Disposition}} header for multipart parts.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
