Adobe Experience Manager Sites & More

Kishore_Kumar_ · 8/20/21

Hi guys,

Suppose if i want to allow the PDFs to view in browser instead of downloading, May i know which method is recommended way to do it ?

1. Setting content disposition config in dispatcher

or

2. Allowing it through Apache Sling Content Disposition Filter (org.apache.sling.security.impl.ContentDispositionFilter) OSGI Configuration ?

Asutosh_Jena_ · 8/20/21

@Kishore_Kumar_ I believe your dispatcher would have taken care of all the security measures. But if you do not want to disable this completely then you can go for the below option. It will enable the filter on all path except pdfs under /content.

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
    jcr:primaryType="sling:OsgiConfig"
    sling.content.disposition.paths="[/content/*:application/pdf]"/>

View solution in original post

Bhuwan_B · 8/20/21

@Kishore_Kumar_ You can implement your usecase using Apache Sling Content Disposition Filter [Refer below Documentation].

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/content-disposi...

Note: I dont see any cons acheiving it through dispatcher either but Apache Sling Content Disposition Filter is what i see in the documentation.

Asutosh_Jena_ · 8/20/21

Hi @Kishore_Kumar_

It is recommended to keep the configs at the OSGi level if it can be re-used across instances. So in this case I believe you want to apply this specific rules on all the publish instance or on all instance.

So keeping it at the OSGi level will be the recommended here.

org.apache.sling.security.impl.ContentDispositionFilter.xml

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
    jcr:primaryType="sling:OsgiConfig"
    sling.content.disposition.all.paths="{Boolean}false"
    sling.content.disposition.excluded.paths="[/content/project/abc/pdf1.pdf,/content/project/abc/pdf1.pdf]"/>

Here is an article regarding the same:

http://www.sgaemsolutions.com/2019/10/aempdf-is-getting-downloded-instead-of.html

Hope this helps!

Thanks!

Kishore_Kumar_ · 8/20/21

Thanks for you reply @Asutosh_Jena_ , But still regex/wildcard is not supported for Excluded Paths i guess. If i want to allow for all the PDFs may i know how to do it ?

Allowing wildcard request reference ticket still no updates.

https://issues.apache.org/jira/browse/SLING-6106

Asutosh_Jena_ · 8/20/21

@Kishore_Kumar_ If you want to apply for all the PDFs then you can just add the below config and it will take care.

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
    jcr:primaryType="sling:OsgiConfig"
    sling.content.disposition.all.paths="{Boolean}false"/>

Thanks!

Kishore_Kumar_ · 8/20/21

It will disable the disposition filter for all, Considering security i don't want to disable for all, for time being i need only for PDF. So checking if there is a way to exclude filter only for it.

Asutosh_Jena_ · 8/20/21

@Kishore_Kumar_ I believe your dispatcher would have taken care of all the security measures. But if you do not want to disable this completely then you can go for the below option. It will enable the filter on all path except pdfs under /content.

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
    jcr:primaryType="sling:OsgiConfig"
    sling.content.disposition.paths="[/content/*:application/pdf]"/>

Kishore_Kumar_ · 8/20/21

Thank you @Asutosh_Jena_ . It works.

Adobe Experience Manager Sites & More

Recommended way for content disposition configuration

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe