Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Recommended way for content disposition configuration

kishorekumar14
Level 8
Level 8

Hi guys,

 

Suppose if i want to allow the PDFs to view in browser instead of downloading, May i know which method is recommended way to do it ?

 

1. Setting content disposition config in dispatcher

 

or

 

2. Allowing it through Apache Sling Content Disposition Filter (org.apache.sling.security.impl.ContentDispositionFilter) OSGI Configuration ?

1 Accepted Solution
asutosh_jena
Correct answer by
Community Advisor
Community Advisor

@kishorekumar14 I believe your dispatcher would have taken care of all the security measures. But if you do not want to disable this completely then you can go for the below option. It will enable the filter on all path except pdfs under /content.

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
sling.content.disposition.paths="[/content/*:application/pdf]"/>

 

View solution in original post

7 Replies
Bhuwan_B
Community Advisor
Community Advisor

@kishorekumar14  You can implement your usecase using Apache Sling Content Disposition Filter [Refer below Documentation].

https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/content-disposi...

Note: I dont see any cons acheiving it through dispatcher either but Apache Sling Content Disposition Filter is what i see in the documentation.

asutosh_jena
Community Advisor
Community Advisor

Hi @kishorekumar14 

 

It is recommended to keep the configs at the OSGi level if it can be re-used across instances. So in this case I believe you want to apply this specific rules on all the publish instance or on all instance.

So keeping it at the OSGi level will be the recommended here.

 

org.apache.sling.security.impl.ContentDispositionFilter.xml

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
sling.content.disposition.all.paths="{Boolean}false"
sling.content.disposition.excluded.paths="[/content/project/abc/pdf1.pdf,/content/project/abc/pdf1.pdf]"/>

 

Here is an article regarding the same:

http://www.sgaemsolutions.com/2019/10/aempdf-is-getting-downloded-instead-of.html

 

Hope this helps!

Thanks! 

kishorekumar14
Level 8
Level 8

Thanks for you reply @asutosh_jena , But still regex/wildcard is not supported for Excluded Paths i guess. If i want to allow for all the PDFs may i know how to do it ?  

 

Allowing wildcard request reference ticket still no updates.

https://issues.apache.org/jira/browse/SLING-6106 

 

asutosh_jena
Community Advisor
Community Advisor

@kishorekumar14  If you want to apply for all the PDFs then you can just add the below config and it will take care.

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
sling.content.disposition.all.paths="{Boolean}false"/>

Thanks! 

kishorekumar14
Level 8
Level 8

It will disable the disposition filter for all, Considering security i don't want to disable for all, for time being i need only for PDF. So checking if there is a way to exclude filter only for it.

asutosh_jena
Correct answer by
Community Advisor
Community Advisor

@kishorekumar14 I believe your dispatcher would have taken care of all the security measures. But if you do not want to disable this completely then you can go for the below option. It will enable the filter on all path except pdfs under /content.

 

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0" xmlns:jcr="http://www.jcp.org/jcr/1.0"
jcr:primaryType="sling:OsgiConfig"
sling.content.disposition.paths="[/content/*:application/pdf]"/>

 

View solution in original post