I have found the following asp code to be very useful when serving files from a database:
Response.AppendHeader("content-disposition", "attachment; filename=" + fileName);
This lets the user save the file to their computer and then decide how to use it, instead of the browser trying to use the file.
What other things can be done with the content-disposition response header?
Recommended answer
Note that RFC 6266 supersedes the RFCs referenced below. Section 7 outlines some of the related security concerns.
The authority on the content-disposition header is RFC 1806 and RFC 2183. People have also devised content-disposition hacking. It is important to note that the content-disposition header is not part of the HTTP 1.1 standard.
The HTTP 1.1 Standard (RFC 2616) also mentions the possible security side effects of content disposition:
15.5 Content-Disposition Issues
RFC 1806 [35], from which the often implemented Content-Disposition (see section 19.5.1) header in HTTP is derived, has a number of very serious security considerations. Content-Disposition is not part of the HTTP standard, but since it is widely implemented, we are documenting its use and risks for implementors. See RFC 2183 [49] (which updates RFC 1806) for details.
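An added example, not part of the original question or answer: the header line in the question concatenates fileName straight into the header value, so a name stored in the database with quotes, line breaks or path segments ends up in the response as-is. This C# helper builds the value with the RFC 6266 `filename` and `filename*` parameters instead; the names AttachmentHeader and Build, the fallback name "download" and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Text;

public static class AttachmentHeader   // hypothetical helper, not from the original page
{
    // attr-char from RFC 5987: the only bytes allowed unescaped in filename*.
    private const string AttrChars =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$&+-.^_`|~";

    public static string Build(string untrustedName)
    {
        // Keep only the last path segment so the name cannot carry a directory.
        string name = (untrustedName ?? "").Replace('\\', '/');
        name = name.Substring(name.LastIndexOf('/') + 1);

        // Drop control characters: CR/LF in a header value would split the response headers.
        name = new string(name.Where(c => !char.IsControl(c)).ToArray());
        // Trim spaces and dots at both ends ("..", hidden files, trailing-dot names).
        name = name.Trim(' ', '.');
        if (name.Length == 0) name = "download";   // assumed fallback name

        // ASCII fallback for the quoted-string form: no quote, backslash, percent or non-ASCII.
        string ascii = new string(name.Select(c =>
            (c < 0x20 || c > 0x7E || c == '"' || c == '\\' || c == '%') ? '_' : c).ToArray());

        // filename*: percent-encode every UTF-8 byte that is not an attr-char.
        var ext = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(name))
        {
            if (AttrChars.IndexOf((char)b) >= 0) ext.Append((char)b);
            else ext.Append('%').Append(b.ToString("X2"));
        }

        return "attachment; filename=\"" + ascii + "\"; filename*=UTF-8''" + ext.ToString();
    }

    public static void Main()
    {
        // Constructed sample inputs: plain name, path segments, embedded CR/LF, non-ASCII.
        Console.WriteLine(Build("report 2024.pdf"));
        Console.WriteLine(Build("..\\..\\folder\\notes.txt"));
        Console.WriteLine(Build("a.txt\r\nX-Injected: 1"));
        Console.WriteLine(Build("résumé.docx"));
    }
}
```

The returned string is what would be passed as the second argument of Response.AppendHeader in place of the concatenation shown in the question.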