Force application/json content-type

thomasf35641124

01-05-2020

Hello,

 

We have an apple-app-site-association file located in /.well-known/apple-app-site-association which is being downloaded when requested thru a browser.  We would like the file to be displayed as json output instead.  Examining the headers shows the following:

 

Content-Disposition: attachment; filename="apple-app-site-association"

Content-Type: application/octet-stream

 

I assume that the Content-Type needs to be application/json or something other than octed-stream to prevent the file from downloading.  Is it possible to configure this somehow?  I have already tried setting a format in CRX as well as adding an exclusion to the Content Disposition Filter with no success.  Any help would be appreciated.

 

Thank you

Accepted Solutions (1)

Accepted Solutions (1)

sunjot16

Employee

01-05-2020

What's the extension of your apple-app-site-association file?

 

I created a sample json file, uploaded it under Assets in AEM. I tried to render it, but it was getting downloaded.

 

So, I unchecked Enable For All Resource Paths in /system/console/org.apache.sling.security.impl.ContentDispositionFilter and saved it.

ContentDispositionFilter.JPG

 

Then, I tried to render the same file, and now, it got rendered correctly.

JSONDisplayedInBrowser.JPG

 

I tried that in Incognito Window in Mozilla Firefox, with Disable Cache checkbox checked under Developer Tools' Network tab.

DisableCache_NetworkTab.JPG

 

 

Octect Stream is blacklisted in DAM Safe Binary Filter(/system/console/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter).

OctetStream.JPG

 

Try removing it from there, save it, and verify whether you are able to render the octet-stream file in the browser. However, it was blacklisted due to security reasons[1]. You can either remove this from the DAM Safe Binary Filter, or change your file extension to .json(and a valid json), whichever works for you.

 

Hope it works. 😊

 

[1] Content disposition filter is a security feature against XSS attacks on SVG files. https://helpx.adobe.com/experience-manager/6-4/sites/administering/using/content-disposition-filter....

 

Answers (0)