Hello @cn0341,
This is a known security fix at Sling level, and the disposition filter is added to force this behavior. See [0].
To undo this behavior, you can disable the component [1] or allow the mime type.
[0]: SLING-4883 Extend content disposition filter protection to jcr:data
[1]: org.apache.sling.security.impl.ContentDispositionFilter
[2]: http://<host:port>/system/console/components/org.apache.sling.security.impl.ContentDispositionFilter
OR
To allow SVGs to be opened in a browser, you can follow below steps:-
- Open org.apache.sling.security.impl.ContentDispositionFilter configuration, and allow below mime type in Included Resource Paths & Content Types.
/content/*:image/svg+xml
- Uncheck "Enable For All Resource Paths”.
Thanks!!