
SHINDIG-1875

Committed For Erik Bi
File downloaded via Proxy always has name p.txt - Include file name on proxy URL because IE8 does not respect Content-Disposition

git-svn-id: https://svn.apache.org/repos/asf/shindig/trunk@1397011 13f79535-47bb-0310-9956-ffa450edef68
1 parent c3b2cae commit d8071ac7550d7713735c39f61466d26207cf5970 @ryanjbaxter ryanjbaxter committed Oct 11, 2012
@@ -156,7 +156,7 @@
"core.io" : {
// Note: ${Cur['gadgets.uri.proxy.path']} is an open proxy. Be careful how you expose this!
// Note: These urls should be protocol relative (start with //)
- "proxyUrl" : "//${Cur['default.domain.unlocked.client']}${Cur['gadgets.uri.proxy.path']}?container=%container%&refresh=%refresh%&url=%url%%authz%%rewriteMime%",
+ "proxyUrl" : "//${Cur['default.domain.unlocked.client']}${Cur['gadgets.uri.proxy.path']}%filename%?container=%container%&refresh=%refresh%&url=%url%%authz%%rewriteMime%",
"jsonProxyUrl" : "//${Cur['default.domain.locked.client']}${CONTEXT_ROOT}/gadgets/makeRequest",
// Note: this setting MUST be supplied in every container config object, as there is no default if it is not supplied.
"unparseableCruft" : "throw 1; < don't be evil' >",
@@ -35,6 +35,7 @@
<dependency>core.json</dependency>
<dependency>core.util.base</dependency>
<dependency>core.util.urlparams</dependency>
+ <dependency>shindig.uri</dependency>
<all>
<script src="io.js"/>
<script src="taming.js" caja="1"/>
@@ -596,9 +596,19 @@ gadgets.io = function() {
authParam = '&authz=' + authz.toLowerCase();
}
}
+
+ var uri = shindig.uri(url);
+ var path = uri.getPath();
+ var fileName = "";
+ var lSlash = path.lastIndexOf('/');
+ if (lSlash !== -1) {
+ fileName = path.substring(lSlash); // include the slash
+ }
+
var ret = proxyUrl.replace('%url%', encodeURIComponent(url)).
replace('%host%', document.location.host).
replace('%rawurl%', url).
+ replace('%filename%', fileName).
replace('%refresh%', encodeURIComponent(refresh)).
replace('%gadget%', encodeURIComponent(urlParams['url'])).
replace('%container%', encodeURIComponent(urlParams['container'] || urlParams['synd'] || 'default')).
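Review bot: The last path segment of the target URL is spliced into the proxy URL verbatim at `replace('%filename%', fileName)`, while every neighbouring value except `%rawurl%` goes through `encodeURIComponent`. Each `replace` here substitutes only the first occurrence and the shipped template puts `%filename%` before the query, so a segment that itself contains `%refresh%`, `%gadget%` or `%container%` would absorb that substitution and leave the real placeholder unexpanded; a segment of `..` or one with reserved characters would change which path the browser requests. I would keep the name only when it matches a conservative pattern and otherwise fall back to the empty string, as sketched below; this assumes `getPath()` returns the path without query or fragment, which is not visible here. The `%filename%` placeholder is also not explained in the container config comments above `proxyUrl`. The enclosing function starts and ends outside the hunk.

```javascript
var path = uri.getPath();
var fileName = '';
var lSlash = path.lastIndexOf('/');
var segment = lSlash !== -1 ? path.substring(lSlash + 1) : '';
// Keep only a plain file name; anything else (dot segments, reserved
// characters, text that looks like a %placeholder%) is dropped.
if (/^[A-Za-z0-9_-][A-Za-z0-9._-]*$/.test(segment)) {
  fileName = '/' + segment; // include the slash
}
// … unchanged: proxyUrl.replace(...) chain …
```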
@@ -53,6 +53,14 @@ IoTest.prototype.setSchemaless = function() {
gadgets.io.preloaded_ = [];
};
+IoTest.prototype.setWithFileName = function() {
+ gadgets.config.init({ "core.io" : {
+ "proxyUrl" : "http://example.com/proxy%filename%?url=%url%&refresh=%refresh%&g=%gadget%&c=%container%",
+ "jsonProxyUrl" : "http://example.com/json",
+ "unparseableCruft" : "throw 1; < don't be evil' >"}});
+ gadgets.io.preloaded_ = [];
+};
+
IoTest.prototype.setOAuthSupportEnabled = function() {
gadgets.config.init({ "core.io" : {
"proxyUrl" : "http://example.com/proxy?url=%url%&refresh=%refresh%&g=%gadget%&c=%container%%authz%",
@@ -121,6 +129,17 @@ IoTest.prototype.testGetProxyUrl_schemaless = function() {
proxied);
};
+IoTest.prototype.testGetProxyUrl_withFileName = function() {
+ this.setWithFileName();
+ var proxied = gadgets.io.getProxyUrl("http://target.example.com/image.gif");
+ this.assertEquals(
+ "http://example.com/proxy/image.gif?url=http%3a%2f%2ftarget.example.com%2fimage.gif" +
+ "&refresh=3600" +
+ "&g=http%3a%2f%2fwww.gadget.com%2fgadget.xml" +
+ "&c=foo",
+ proxied);
+};
+
IoTest.prototype.testEncodeValues = function() {
var x = gadgets.io.encodeValues({ 'foo' : 'bar' });
this.assertEquals("foo=bar", x);
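Review bot: Only the simple `/image.gif` case is covered by `testGetProxyUrl_withFileName`, so the edge cases of the new `lastIndexOf('/')` logic in io.js are untested. Missing inputs include a target URL with no path, one ending in a trailing slash, one whose query string contains `/`, and one whose last segment has characters that need encoding. I would add one test per case that pins the intended proxy URL, for example a `testGetProxyUrl_withFileName_trailingSlash` calling `gadgets.io.getProxyUrl("http://target.example.com/dir/")`. The function on the last lines of this hunk, `testEncodeValues`, continues outside it.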
@@ -164,7 +164,14 @@ protected void setResponseContentHeaders(HttpResponseBuilder response, HttpRespo
// This does make some sites a higher value phishing target, but this can be mitigated by
// additional referer checks.
if (!isFlash(response.getHeader("Content-Type"), results.getHeader("Content-Type"))) {
- response.setHeader("Content-Disposition", "attachment;filename=p.txt");
+ String contentDispositionValue = results.getHeader("Content-Disposition");
+ if (StringUtils.isBlank(contentDispositionValue)
+ || contentDispositionValue.indexOf("attachment;") == -1
+ || contentDispositionValue.indexOf("filename") == -1) {
+ response.setHeader("Content-Disposition", "attachment;filename=p.txt");
+ } else {
+ response.setHeader("Content-Disposition", contentDispositionValue);
+ }
}
if (results.getHeader("Content-Type") == null) {
response.setHeader("Content-Type", "application/octet-stream");
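Review bot: The `else` branch echoes the upstream `Content-Disposition` value to the client unchanged, and the guard is only a substring test. A header whose disposition type is not `attachment` but which contains `attachment;` and `filename` somewhere in its parameters is therefore forwarded as-is. Since the origin server controls that header, this weakens the forced-download behaviour that the surrounding comment about phishing targets appears to rely on. I would extract only the filename, restrict it to a conservative character set, and always emit a locally built `attachment;filename=<name>`, falling back to `p.txt` otherwise, as sketched below. The method starts and ends outside the hunk.

```java
// Class-level constant: the disposition type must be "attachment" and the
// name is limited to a conservative character set.
private static final Pattern ATTACHMENT_FILENAME = Pattern.compile(
    "^\\s*attachment\\s*;\\s*filename\\s*=\\s*\"?([A-Za-z0-9_-][A-Za-z0-9._-]*)\"?\\s*$",
    Pattern.CASE_INSENSITIVE);

// … unchanged: isFlash() guard …
  String fileName = "p.txt";
  String upstream = results.getHeader("Content-Disposition");
  if (upstream != null) {
    Matcher m = ATTACHMENT_FILENAME.matcher(upstream);
    if (m.matches()) {
      fileName = m.group(1);
    }
  }
  // Always emit our own header; the upstream value is never echoed.
  response.setHeader("Content-Disposition", "attachment;filename=" + fileName);
```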
