Fixed content-disposition error that occurs with filename set and new chrome version #16

Closed

rylwin commented Dec 16, 2011

This fixes an issue where the new version of Chrome (16.0.912.63) would give this error when passing a filename to prawnto:

Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple
Content-Disposition headers received. This is disallowed to protect against HTTP
response splitting attacks

This error was resolved by wrapping the filename in the content-disposition header in quotes.
WAS: "Content-Disposition"=>"attachment;filename=Name of your file.pdf"

NOW: "Content-Disposition"=>"attachment;filename="Name of your file.pdf""
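
Added example, not part of this pull request or prawnto's code: one way to build the header value so the filename is always a quoted-string, as the fix above does, while also escaping embedded quotes and dropping CR/LF. The helper name `content_disposition`, the `download` fallback name and the sample filenames are assumptions made for illustration.

```ruby
# Added example, not prawnto's code. `content_disposition` is a hypothetical helper.
# Returns a Content-Disposition value with the filename as a quoted-string, so
# spaces, commas and semicolons in the name cannot be read as separators.
def content_disposition(filename, disposition: "attachment")
  unless %w[attachment inline].include?(disposition)
    raise ArgumentError, "unsupported disposition: #{disposition.inspect}"
  end

  # Remove CR, LF and other control characters so a caller-supplied name
  # cannot end this header line and begin another (response splitting).
  clean = filename.to_s.scrub("_").gsub(/[\x00-\x1f\x7f]/, "")
  clean = "download" if clean.strip.empty? # assumed fallback name

  # quoted-string form: ASCII only, with backslash and double quote escaped.
  ascii = clean.gsub(/[^\x20-\x7e]/, "_").gsub(/["\\]/) { |c| "\\#{c}" }
  value = %(#{disposition}; filename="#{ascii}")

  # Non-ASCII names also get the RFC 5987 extended parameter (see RFC 6266);
  # everything outside the unreserved set is percent-encoded byte by byte.
  unless clean.ascii_only?
    encoded = clean.gsub(/[^A-Za-z0-9._~-]/) do |c|
      c.bytes.map { |b| format("%%%02X", b) }.join
    end
    value += "; filename*=UTF-8''#{encoded}"
  end
  value
end
```
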

mocoso and others added some commits Mar 20, 2009

@mocoso mocoso Enabled the use of pdf.prawn templates from ActionMailer for attachment generation
994ad24
@blaxter blaxter allow filenames with spaces fddf4fa
@wigsgiw wigsgiw changing ssl test for rails 2.3.2 compatibility, IE pdf's over ssl working again
a71db92
pointman changed the reference from prawn to prawn/core d9b0d5d
pointman Updated a test to require prawn/core instead of prawn 9a69944
@KeeperPat KeeperPat Fix the method of determining whether the request is SSL or not. The way that it was done would error out in functional tests because env['SERVER_PROTOCOL'] would be nil. More importantly, this would not necessarily return true even if the request was an ssl request. Resolves #3.
d747dda
@ptzn ptzn Fixed bug with default :inline => false option.
When we define it as false at class level, option always overridden by default true value
and prawnto always set disposition-type as "inline" instead of "attachment".
6dbba5d
@ptzn @huerlisi ptzn Fixed bug with default :inline => false option.
When we define it as false at class level, option always overridden by default true value
and prawnto always set disposition-type as "inline" instead of "attachment".
05cbfc5
@KeeperPat @huerlisi KeeperPat Fix the method of determining whether the request is SSL or not. The way that it was done would error out in functional tests because env['SERVER_PROTOCOL'] would be nil. More importantly, this would not necessarily return true even if the request was an ssl request. Resolves #3.
3ec5c8d
@blaxter @huerlisi blaxter allow filenames with spaces 7e70499
@huerlisi huerlisi Merge commit 'blaxter-prawnto/master' 979de4b
@huerlisi huerlisi Merge commit 'KeeperPat-prawnto/master' fa88d21
@huerlisi huerlisi Merge commit 'fermion-prawnto/master' bdd365f
@huerlisi huerlisi Merge commit 'pointman-prawnto/master' 4dcdd67
@huerlisi huerlisi Merge commit 'econsultancy-prawnto/econsultancy-20090320' bf8b153
@huerlisi huerlisi Merge commit 'ptzn-prawnto/master' 1844423
Jeff Wigal PDF download on IE needs some extra headers set 178e38c
@mdotterer mdotterer Packaging as a gem 5f1bf81
@tomstuart tomstuart Correctly detect HTTPS requests by just asking #ssl? of the request object
6fd0f5b
Ilya Implemented as a gem 258c2ac
Ilya Tiny rakefile updates: tests are broken. Need to fix 824d621
@harking harking Updating includes to work with prawn 0.9+ 787e0b6
Simon Protheroe Removed (no-op) rake task to prevent Rails 2.3.8 deprecation warnings. ea4479a
@djnawara djnawara Merged with jwigal's IE header fix. f1a612e
@djnawara djnawara Merge branch 'master' of git://github.com/sprotheroe/prawnto 5336d98
Ilya Small fix for headers checking 249d27e
Ilya small fix bee0f69
Alexander Bondarev Added support for Rails 3 24b0f8a
eugen ssl_request? changed to @controller.request.ssl? d3954ab
@mocoso mocoso Remove empty prawnto tasks
Because they were causing deprecation warnings
7ace209
@jlsync Steve Quinlan removed references to pdfs d0f8647
@jlsync Ilya Implemented as a gem de47cda
@jlsync jlsync Merge remote branch 'smecsia/master'
Conflicts:
	.gitignore
	Rakefile
	lib/prawnto.rb
	lib/prawnto/template_handler/compile_support.rb
	pkg/prawnto-0.0.1.gem
	rails/init.rb
9209b23
@jlsync jlsync Merge remote branch 'mdotterer/master'
Conflicts:
	rails/init.rb
790d2d4
@jlsync jlsync gemspec d6e06b8
@jlsync jlsync # 56b57f5
@jlsync jlsync files listing updated in gemspec b7c2d12
@mocoso mocoso Add rails_xss support
Without the raw calls the rendered template is HTML escaped when rendering a pdf
as a mail attachment.
b3e5660
@vfrride vfrride Check for nil value for env['SERVER_PROTOCOL'] in compile_support.rb b2d8152
@jeanmartin jeanmartin don't register the PDF mime type if it already exists (e.g. registered by another plugin or the app)
3d374b4
@tra tra Avoid deprecation warnings in Rails 3 ddaf796
Tom Anderson added gemspec file 55bb540
@tra tra Remove list of files that don't exist. 1a4d023
@forrest forrest Merging comverge's fork 8a93758
@forrest forrest upgrading to rails 3.1 ff7e74a
@forrest forrest working on docs 9606a8d
@forrest forrest Merging small changes 087cad2
@forrest forrest merging ciur-eugen's change 88ccd27
@forrest forrest Merging econsultancy rails_xss support e14f0b7
@forrest forrest removing unused code. Fixing small details 8bec2a8
@forrest forrest changes to readme 601fe15
@forrest forrest removing Raw template handler as it is experimental and out of date fc0bdc1
@forrest forrest setting up tests abbd8ad
@forrest forrest getting tests working cb23abc
@forrest forrest tweaking rdocs 3b1d5c3
@forrest forrest tweaking gemspec dc08fd0
@forrest forrest tweaking gemspec 6d148ad
@forrest forrest removing relative path 13e5bfd
@forrest forrest Bumping version number b6f066e
@forrest forrest commenting out unused code 2aed997
@forrest forrest trying to get the gemspec file to work properly 93157e8
@forrest forrest trying to get this to install through github properly 55e9d6a
@forrest forrest adding Gemfile d335551
@forrest forrest switching name of gem to prawnto_2 for rubygems 3e9885b
@forrest forrest tweaking railtie acdcb16
@forrest forrest fixing install instructions 2c45756
@forrest forrest Version Bump and README updates a9e025a
@forrest forrest major refactoring of the layout and method names. 4a3a7be
@forrest forrest rdocs and readme updates b327790
@forrest forrest version bump 3732173
@niquola niquola Merge pull request #1 from comverge/master
Avoid deprecation warnings in Rails 3
8a03c11
@forrest forrest Merge branch 'master' of https://github.com/smecsia/prawnto a8857a6
@jlsync jlsync VERSION 7eedc11
@jlsync jlsync don't require prawnto.rb twice just for the version number 4034f22
@rylwin rylwin Surround filename in quotes for Content-disposition header.
This fixes an issue where the new version of Chrome (16.0.912.63) would give this error:

  Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple
  Content-Disposition headers received. This is disallowed to protect against HTTP
  response splitting attacks
2cbd31c
@pelargir pelargir tweaked template handler for Rails 3.1 ebd6bca
@pelargir pelargir removed memoization since it's deprecated in Rails 3.2 a606d18
@pelargir pelargir replaced read_inheritable_attribute with class_attribute pattern dc01918
@pelargir pelargir renamed class attributes to avoid stepping on other methods 15075e5
@pelargir pelargir mime type only registered when needed to avoid Rails 3.2 warning f3e16da
@forrest forrest Merging changes from pelargir 8f7fe85
@forrest forrest 0.1.3 e646254
@forrest forrest Switching tests to rspec with dummy app included d9cbf75
@forrest forrest Starting on integration specs 5668dc7
@forrest forrest Switching to CompileSupport instead of ActionControllerMixin 85a2f34
@forrest forrest Lots of cleanup and tests: 0.2.0.beta eef6e34
@forrest forrest Rails 3.2 b310813
@forrest forrest Adding beta instructions to readme cd06266
@forrest forrest Fixing typo in readme d28703e
@forrest forrest Fixing email stuff 95a97dd
@forrest forrest Small cleanups to the email stuff. 027dc49
@forrest forrest Merging regular and DSL template handlers into a single super handler. 0.2.0.Beta2
c43348b
@forrest forrest Fixing install instructions in README for beta2 12eb69f
@forrest forrest Removing un-needed return of self 1288494
@forrest forrest ModelRenderer is working. fef86f3
@forrest forrest Refactoring some files. dc8de3f
@forrest forrest 0.2.0.beta3 a92baeb
@forrest forrest 0.2.0.beta3 ddfafe9
@forrest forrest Fixing up ModelRenderer format ambiguity. edc1928
@forrest forrest Adding travis for continuous testing. 3a3db4e
@forrest forrest Fixing dumb typo in travis image 6e8b712
@forrest forrest 0.2.0.beta4 4e7d6b0
@forrest forrest Fixing instance variable problem f1a2bac
@forrest forrest 0.2.0.beta5 b9e387e
@forrest forrest Still tweaking variable exchange methods 0ca0998
@forrest forrest Fixing bug with blocks being passed into missing methods. 28725f2
@forrest forrest 0.2.0.beta6 - Hopefully this hits the mark. cdb0829
@forrest forrest 0.2.0 Stable 21afa11
@forrest forrest Removing beta from readme 442b1c3
@forrest forrest Adding warning message for redefining 'pdf' in templates fb76d81
@forrest forrest Readme cleanup & Version bump 5b0f29e
@rylwin rylwin Merge branch 'master' of http://github.com/forrest/prawnto
* 'master' of http://github.com/forrest/prawnto: (93 commits)
  Readme cleanup & Version bump
  Adding warning message for redefining 'pdf' in templates
  Removing beta from readme
  0.2.0 Stable
  0.2.0.beta6 - Hopefully this hits the mark.
  Fixing bug with blocks being passed into missing methods.
  Still tweaking variable exchange methods
  0.2.0.beta5
  Fixing instance variable problem
  0.2.0.beta4
  Fixing dumb typo in travis image
  Adding travis for continuous testing.
  Fixing up ModelRenderer format ambiguity.
  0.2.0.beta3
  0.2.0.beta3
  Refactoring some files.
  ModelRenderer is working.
  Removing un-needed return of self
  Fixing install instructions in README for beta2
  Merging regular and DSL template handlers into a single super handler. 0.2.0.Beta2
  ...

Conflicts:
	lib/prawnto/template_handler/compile_support.rb
	test/base_template_handler_test.rb
6e4ebf6
@rylwin rylwin Loosen constraint on prawn version 2e1f762

rylwin closed this Feb 12, 2013
