Force application/json content-type | Adobe Higher Education
Skip to main content
thomasf35641124
thomasf35641124
May 1, 2020
Répondu

Force application/json content-type

Hello,

 

We have an apple-app-site-association file located in /.well-known/apple-app-site-association which is being downloaded when requested thru a browser.  We would like the file to be displayed as json output instead.  Examining the headers shows the following:

 

Content-Disposition: attachment; filename="apple-app-site-association"

Content-Type: application/octet-stream

 

I assume that the Content-Type needs to be application/json or something other than octed-stream to prevent the file from downloading.  Is it possible to configure this somehow?  I have already tried setting a format in CRX as well as adding an exclusion to the Content Disposition Filter with no success.  Any help would be appreciated.

 

Thank you

Ce sujet a été fermé aux réponses.
Meilleure réponse par sunjot16

What's the extension of your apple-app-site-association file?

 

I created a sample json file, uploaded it under Assets in AEM. I tried to render it, but it was getting downloaded.

 

So, I unchecked Enable For All Resource Paths in /system/console/org.apache.sling.security.impl.ContentDispositionFilter and saved it.

 

Then, I tried to render the same file, and now, it got rendered correctly.

 

I tried that in Incognito Window in Mozilla Firefox, with Disable Cache checkbox checked under Developer Tools' Network tab.

 

 

Octect Stream is blacklisted in DAM Safe Binary Filter(/system/console/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter).

 

Try removing it from there, save it, and verify whether you are able to render the octet-stream file in the browser. However, it was blacklisted due to security reasons[1]. You can either remove this from the DAM Safe Binary Filter, or change your file extension to .json(and a valid json), whichever works for you.

 

Hope it works. 😊

 

[1] Content disposition filter is a security feature against XSS attacks on SVG files. https://helpx.adobe.com/experience-manager/6-4/sites/administering/using/content-disposition-filter.html

 

2 commentaires

sunjot16
Adobe Employee
sunjot16Adobe EmployeeRéponse
Adobe Employee
May 1, 2020

What's the extension of your apple-app-site-association file?

 

I created a sample json file, uploaded it under Assets in AEM. I tried to render it, but it was getting downloaded.

 

So, I unchecked Enable For All Resource Paths in /system/console/org.apache.sling.security.impl.ContentDispositionFilter and saved it.

 

Then, I tried to render the same file, and now, it got rendered correctly.

 

I tried that in Incognito Window in Mozilla Firefox, with Disable Cache checkbox checked under Developer Tools' Network tab.

 

 

Octect Stream is blacklisted in DAM Safe Binary Filter(/system/console/com.day.cq.dam.core.impl.servlet.DamContentDispositionFilter).

 

Try removing it from there, save it, and verify whether you are able to render the octet-stream file in the browser. However, it was blacklisted due to security reasons[1]. You can either remove this from the DAM Safe Binary Filter, or change your file extension to .json(and a valid json), whichever works for you.

 

Hope it works. 😊

 

[1] Content disposition filter is a security feature against XSS attacks on SVG files. https://helpx.adobe.com/experience-manager/6-4/sites/administering/using/content-disposition-filter.html

 

    thomasf35641124
    thomasf35641124Auteur
    May 8, 2020

    Thank you so much for the reply!  The file does not have an extension. The file does render correctly when I completely disable the filter. Do you happen to know how to configure the filter for one specific path? I have tried numerous different configurations with exclude and include and the only thing that seems to work is unchecking the box to completely disable.

    iamnjain
    Community Advisor
    iamnjainCommunity Advisor
    Community Advisor
    February 23, 2023

    Hi @thomasf35641124 ,

     

    We have a similar requirement. We are on first stage of it.

    We have a apple-app-site-association file and need to place in AEM Server which is accessible at https://<fully qualified domain>/.well-known/apple-app-site-association.

    Do you know where we can place this file in AEM? 

    K
    KanikaAr
    September 9, 2024

    @iamnjain  Are you able to fix this? If yes, could you please update where you have placed that?

    Conditions d'utilisationAccessibility statement

    Loading footer...