[Bese-devel] serve-file and content-disposition

Clinton Ebadi clinton at unknownlamer.org
Thu May 27 15:45:32 UTC 2010 

Anton Rizov <anton.rizov at gmail.com> writes:

> Hi,
>
> serve-file method doesn't expose content-disposition parameter. Is
> that intentional?.
>
> I was looking at how to serve static content with ucw and found
> serve-file.  Unfortunately it assumes that content disposition is
> "attachment" and doesn't provide a way for one to specify an
> alternative.
>
> It was easy to change it, so that it could be used as:
>
> (serve-file (make-pathname ...)
>             :content-disposition "inline"
>             :content-type "text/html; charset=\"...\"")
>
> but I'm wondering whether there is a reason or it's only a matter of
> unintentional omission.
>
> Is "attachment" really the preferred way to serve static content,
> especially for html files? I tried using
> static-roots-application-mixin and was surprised to see download
> dialog opening.

The file serving parts of UCW have received little love. They /work/,
but not much more...

Regarded content disposition, I am unsure that anything other than
attachment makes sense. See 19.5.1 of [0]:

        content-disposition = "Content-Disposition" ":"
                              disposition-type *( ";" disposition-parm )
        disposition-type = "attachment" | disp-extension-token
        disposition-parm = filename-parm | disp-extension-parm
        filename-parm = "filename" "=" quoted-string
        disp-extension-token = token
        disp-extension-parm = token "=" ( token | quoted-string )

AFAICT from this attachment is the only standard content disposition for
HTTP 1.1, and anything else is an extension. According to [1] it is not
even a standard part of HTTP and has security issues, and so I am now
leaning toward just not setting it at all.

Does anyone else have an opinon? If not I will go ahead with removing
content disposition entirely.

[0] http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1
[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.5

-- 
Ethan: i'm working on myself
Ethan: the self is the most important thing
Ethan: i learned this from a packet of tea
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 229 bytes
Desc: not available
URL: <https://mailman.common-lisp.net/pipermail/bese-devel/attachments/20100527/99385ccb/attachment.sig>

More information about the bese-devel mailing list