Solved: Force application/json content-type - Adobe Experience League Community

View profile · 01-05-2020

Hello,

We have an apple-app-site-association file located in /.well-known/apple-app-site-association which is being downloaded when requested thru a browser. We would like the file to be displayed as json output instead. Examining the headers shows the following:

Content-Disposition: attachment; filename="apple-app-site-association"

Content-Type: application/octet-stream

I assume that the Content-Type needs to be application/json or something other than octed-stream to prevent the file from downloading. Is it possible to configure this somehow? I have already tried setting a format in CRX as well as adding an exclusion to the Content Disposition Filter with no success. Any help would be appreciated.

Thank you

thomasf35641124 · ‎08-05-2020

What's the extension of your apple-app-site-association file?

I created a sample json file, uploaded it under Assets in AEM. I tried to render it, but it was getting downloaded.

So, I unchecked Enable For All Resource Paths in /system/console/org.apache.sling.security.impl.ContentDispositionFilter and saved it.

Then, I tried to render the same file, and now, it got rendered correctly.

I tried that in Incognito Window in Mozilla Firefox, with Disable Cache checkbox checked under Developer Tools' Network tab.

Octect Stream is blacklisted in DAM Safe Binary Filter(/system/console/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter).

Try removing it from there, save it, and verify whether you are able to render the octet-stream file in the browser. However, it was blacklisted due to security reasons[1]. You can either remove this from the DAM Safe Binary Filter, or change your file extension to .json(and a valid json), whichever works for you.

Hope it works. 😊

[1] Content disposition filter is a security feature against XSS attacks on SVG files. https://helpx.adobe.com/experience-manager/6-4/sites/administering/using/content-disposition-filter....