Thanks. Now I know that it can work even though it certainly not working for me! Here is the same style of test showing my robots path included w/ sling.content.disposition.excluded.paths.
curl -fs -u admin:admin 'http://localhost:4502/system/console/configMgr/org.apache.sling.security.impl.ContentDispositionFilter.json' [{"pid":"org.apache.sling.security.impl.ContentDispositionFilter","title":"Apache Sling Content Disposition Filter","description":"Request filter adding Content Disposition header with value 'attachment' for certain paths\/content types. Independent of the configuration only resource paths are covered which contain a property named 'jcr:data' or 'jcr:content\\jcr:data'.","properties":{"sling.content.disposition.paths":{"name":"Included Resource Paths & Content Types","optional":false,"is_set":true,"type":1,"values":[""],"description":"These resource paths are covered by the filter. Each entry is of the form '<path> [ : <excluded content type> {,<excluded content type>} ]'. Invalid entries are logged and ignored. <path> must be an absolute path and may contain a wildcard ('*') at the end, to match every resource path with the given path prefix. (sling.content.disposition.paths)"},"sling.content.disposition.excluded.paths":{"name":"Excluded Resource Paths","optional":false,"is_set":true,"type":1,"values":["\/libs\/cq\/ui\/resources\/0.html","\/etc\/dam\/viewers\/s7viewers\/html5\/s7sdkclose.html","\/etc\/dam\/viewers\/s7viewers\/html5\/CarouselViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/eCatalogViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/BasicVideoViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/BasicZoomViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/ZoomViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/FlyoutViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/SpinViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/VideoViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/MixedMediaViewer.html","\/etc\/dam\/viewers\/s7viewers\/html5\/InteractiveImage.html","\/etc\/dam\/viewers\/s7viewers\/html5\/InteractiveVideoViewer.html","\/etc\/dam\/viewers\/s7sdk\/2.9\/flash\/VideoPlayer.swf","\/etc\/dam\/viewers\/s7sdk\/dev\/flash\/VideoPlayer.swf","\/etc\/dam\/viewers\/s7sdk\/2.10\/flash\/VideoPlayer.swf","\/etc\/dam\/viewers\/s7sdk\/2.11\/flash\/VideoPlayer.swf","\/etc\/clientlibs\/foundation\/shared\/endorsed\/swf\/slideshow.swf","\/etc\/dam\/viewers\/s7sdk\/3.0\/flash\/VideoPlayer.swf","\/etc\/dam\/viewers\/s7sdk\/3.1\/flash\/VideoPlayer.swf","\/etc\/dam\/viewers\/s7sdk\/3.2\/flash\/VideoPlayer.swf","\/content\/dam\/path\/robots.txt"],"description":"These resource paths are excluded from the filter. Each resource path must be given as absolute and fully qualified path. Prefix matching\/wildcards are not supported. (sling.content.disposition.excluded.paths)"},"sling.content.disposition.all.paths":{"name":"Enable For All Resource Paths","optional":false,"is_set":true,"type":11,"value":true,"description":"This flag controls whether to enable this filter for all paths, except for the excluded paths defined by sling.content.disposition.excluded.paths. Setting this to 'true' leads to ignoring 'sling.content.disposition.path'. (sling.content.disposition.all.paths)"}},"bundleLocation":"","bundle_location":null,"service_location":""}]% curl -vfs -u admin:admin http://localhost:4502/content/dam/path/robots.txt * Trying ::1... * TCP_NODELAY set * Connected to localhost (::1) port 4502 (#0) * Server auth using Basic with user 'admin' > GET /content/dam/michigan-lsa/admin/robots.txt HTTP/1.1 > Host: localhost:4502 > Authorization: Basic YWRtaW46YWRtaW4= > User-Agent: curl/7.54.0 > Accept: */* > < HTTP/1.1 200 OK < Last-Modified: Thu, 14 Feb 2019 19:08:25 GMT < Content-Disposition: attachment < Content-Type: text/plain;charset=iso-8859-1 < Content-Length: 25 < User-agent: * * Connection #0 to host localhost left intact Disallow: /% > On Feb 19, 2019, at 11:55 AM, Joey Smith <joeysm...@gmail.com> wrote: > > Adding it to "Excluded Resource Paths" works correctly here for me: > > https://asciinema.org/a/RFi1kQyk4TCoaCoz5d1ss0o7b > > On Tue, Feb 19, 2019 at 7:28 AM Cris Rockwell <cmroc...@umich.edu> wrote: > >> Thanks for the reply, but the suggestion does not work. After repeatedly >> testing various values and configurations, I have found neither >> sling.content.disposition.excluded.paths or sling.content.disposition.paths >> do anything. Perhaps they won't work when >> sling.content.disposition.all.paths is true? >> >> The link was not useful as documentation since it points to the source, >> which define the configuration attribute names and descriptions. The names >> and descriptions are already obvious when opening the config via >> /system/console/configMgr >> >> Has anyone else successfully set either >> sling.content.disposition.excluded.paths or sling.content.disposition.paths >> in org.apache.sling.security version 1.1.12? >> >> >> >>> On Feb 18, 2019, at 4:55 PM, Andres Bott <cont...@andresbott.com> wrote: >>> >>> Hey Chris >>> >>> I think defining an extension as part of the path would cause this not >> to work, >>> since the extension is not part of the requests path (your examples) >>> >>> as fas as I can remember, this should look more like: >>> >>> "/content/path/*:text/plain" this means apply the filter for every path >> bellow content/path except for requests to mime/type text requests. >>> >>> if you need to pinpoint to the robots txt, you could try: >> "/content/path/robots:text/plain" >>> >>> unfortunately the best documentation i found back when I had to deal >> with this was: >> https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ContentDispositionFilterConfiguration.java >>> >>> HTH >>> >>> Andres >>> >>> >>> El 2019-02-18 22:00, Cris Rockwell escribió: >>>> Hello Sling Users >>>> I am working on an upgrade and have found the changes to >>>> org.apache.sling.security.impl.ContentDispositionFilter present >>>> problems with rendering robots.txt (text/plain) from a location >>>> managed under the dam. After the upgrade it has the header >>>> Content-Disposition: attachment. As a result we have started seeing >>>> our testing URL’s in search results, which indicates the search-bots >>>> are not opening and reading >>>> org.apache.sling.security version 1.1.2 ContentDispositionFilter >> had a >>>> ranking of -2500 (txt file renders) >>>> org.apache.sling.security version 1.1.12 ContentDispositionFilter >> had >>>> a ranking of 25000 (txt file downloads) >>>> My attempts to configure Apache Sling Content Disposition Filter have >>>> failed. Adding the fully qualified path to "Excluded Resource Paths" >>>> does not work. My question related to the section titled "Included >>>> Resource Paths & Content Types.” There is a cryptic instruction copied >>>> below. What does this mean? Please provide en example specifying the >>>> path, excluded content types >>>>> These resource paths are covered by the filter. Each entry is of the >> form '<path> [ : <excluded content type> {,<excluded content type>} ]'. >> Invalid entries are logged and ignored. <path> must be an absolute path and >> may contain a wildcard ('*') at the end, to match every resource path with >> the given path prefix. (sling.content.disposition.paths) >>>> I have guessed at different entries, but they do not take affect. >>>> /content/path/robots.txt[text/plain] >>>> /content/path/robots.txt [text/plain] >>>> /content/path/robots.txt:text/plain >>>> If I uncheck "Enable For All Resource Paths” in the Apache Sling >>>> Content Disposition Filter, then the header Content-Disposition: >>>> attachment goes away and it renders as expected. But seems like an >>>> extreme solution especially given the fact that Content Disposition >>>> Filter was used and worked at the previous version mentioned. Please >>>> note that although I have provided some context about the a specific >>>> problem, my question is about how to configure "Included Resource >>>> Paths & Content Types” using path and mime types. >>>> Thanks! >>>> Cris >> >>
