Encode Content-Disposition filenames on send_data and send_file

[mtsmfm]

Summary

A few years ago, @stanhu tried to support non-ascii encodings for send_data and send_file.
#21461

but it's still not merged because it lacks tests and some points to be fixed.

In the PR, @jeremy told us how he encodes and actually it's the same how activestorage encodes file name now

I changed ActiveStorage::Filename::Parameters to ActionController::DataStreaming::DispositionFilenameParameters to encode in send_data and send_file and share the logic.

I tested on Chrome, IE11, Safari and Firefox

Chrome

IE11

Safari

Firefox

Script

# 1. Put this file into the root of rails repo
# 2. `bundle exec rackup -b 0.0.0.0`
# 3. `open localhost:9292`
require 'rails/all'

tmpdir = Dir.mktmpdir
Dir.chdir(tmpdir)

ENV['DATABASE_URL'] = "sqlite3://#{File.join(tmpdir, 'database.sql')}"

class TestApp < Rails::Application
  secrets.secret_key_base = 'secret_key_base'
end

Rails.application.configure do
  config.load_defaults 5.2
  config.eager_load = true
  config.active_storage.service = :local
  config.logger = ActiveSupport::Logger.new(STDOUT)
  config.active_storage.service_configurations = {
    local: {
      service: 'Disk',
      root: tmpdir
    }
  }

  config.after_initialize do |app|
    ActiveRecord::Schema.define do
      create_table :users, force: true do |t|
      end

      load File.join(Bundler.rubygems.find_name('activestorage').first.full_gem_path, 'db/migrate/20170806125915_create_active_storage_tables.rb')

      CreateActiveStorageTables.new.change
    end

    class User < ActiveRecord::Base
      has_one_attached :avatar
    end

    class UsersController < ActionController::Base
      def index
        @user = User.new

        render inline: <<~ERB
          <%= form_with model: @user do |f| %>
            <%= f.file_field :avatar %>
            <%= f.submit %>
          <% end %>

          <ul>
            <%- User.all.each do |u| %>
              <li>
                <div>id: <%= u.id %></div>
                <%= link_to 'download via send_data', user_path(u.id) %>
                <%= link_to 'download via rails_blob_path', rails_blob_path(u.avatar, disposition: 'attachment') %>
              </li>
            <% end %>
          </ul>
        ERB
      end

      def create
        User.create!(params.require(:user).permit(:avatar))

        redirect_to users_path
      end

      def show
        user = User.find(params[:id])

        send_data user.avatar.download, disposition: 'attachment', filename: user.avatar.filename.to_s
      end
    end

    app.routes.prepend do
      root to: redirect('/users')
      resources :users
    end

    user = User.new
    user.avatar.attach(io: File.open(__FILE__), filename: %(あ"い"\\う/え'お.rb))
    user.save!
  end
end
Rails.application.initialize!
run Rails.application

at_exit do
  FileUtils.rm_rf(tmpdir)
end

Other Information

I'm wondering if we can backport this change to older versions
-> I created backport gem https://github.com/mtsmfm/action_dispatch-http-content_disposition

[georgeclaghorn]

Can we remove ActiveStorage::Filename::Parameters?

[georgeclaghorn]

Is this :nodoc: comment necessary? What is it excluding from the docs?

[mtsmfm]

Sorry, it's my bad

[georgeclaghorn]

Thanks, @mtsmfm! A few more things:

1. We’re still requiring active_storage/filename/parameters here:
   

   rails/activestorage/app/models/active_storage/filename.rb

   Line 6 in 5b0b1ee

   require_dependency "active_storage/filename/parameters"

2. There are ASt test failures like this:

   ArgumentError: wrong number of arguments (given 1, expected 0)
   

   I’m not immediately sure what’s causing them. Can you look into it?

3. This needs a changelog entry.

4. In response to the last paragraph of the PR description, I’m afraid we can’t backport this change, as it’s a new feature and not a bug fix. See the maintenance policy for more info.

[mtsmfm]

1. ✅
2. ✅Sorry, the cause is 1 🙇
3. ✅
4. I thought it's kind of bug though, OK, I'll create a backport gem for older Rails.

[georgeclaghorn]

This merits more detail. At minimum, we ought to name the specifications implemented (RFCs 2231 and 5987) and provide examples.

[mtsmfm]

✅

[rafaelfranca]

Don't we need to require this file one? Also action_controller because it is not in Active Storage.

[mtsmfm]

I think we don't have to require because this file is under app and it's on Rails engine

[matthewd]

Can we avoid [internally] exposing this class entirely? AFAICS, this method's result is only used in:

rails/activestorage/lib/active_storage/service.rb

Line 125 in b2eb1d1

(type.to_s.presence_in(%w( attachment inline )) || "inline") + "; #{filename.parameters}"

(And that method seems to have more in common with the surrounding lines in send_file_headers!, too.)

[mtsmfm]

Can we avoid [internally] exposing this class entirely?

Hmm, how can I avoid?
AFAIK, there's no way to share this logic across gems without exposing class/module

[georgeclaghorn]

I think Matthew’s suggesting removing the parameters method here and using the new class directly in ActiveStorage::Service#content_disposition_with.

[mtsmfm]

gotcha

[matthewd]

I was thinking of something like ActionController::ContentDisposition.format(:inline, filename: "hello.jpg") # => "inline; filename=[...]"

So we still need to expose a constant (and following @rafaelfranca's suggestion to move it out of the DataStreaming namespace), but having it do the work internally, and just return a string. It just feels a bit odd to me that we're exposing the class instance, when all we want to do is call to_s on it.

[mtsmfm]

Cool, I'll do that

[rafaelfranca]

If we want to reuse inside Active Storage I don't think it should be inside DataStreaming. ActionController:: DispositionFilename is a better name.

[mtsmfm]

okay, I'll rename

[mtsmfm]

ah, you also meant DispositionFilenameParameters should be renamed to DispositionFilename, right?

[rafaelfranca]

Right, but maybe DispositionFilenameParameter is better.

[mtsmfm]

Failed components: activesupport

seems failed test isn't related to this PR

[mtsmfm]

@rafaelfranca Now I think this class should be put into the same place as ActionDispatch::Http::UploadedFile.
It seems all helper stuff is placed in ActionDispatch.
So I propose to rename this class to ActionDispatch::Http::ContentDisposition.
What do you think?

[rafaelfranca]

Good point. Makes sense to me.

[rafaelfranca]

This require should be probably inside lib/active_storage/service.rb

[rafaelfranca]

Good point. Makes sense to me.

[mtsmfm]

@georgeclaghorn @rafaelfranca @matthewd I fixed all points you reviewed. Can you review again, please?

[jeremy]

👏

[mtsmfm]

@georgeclaghorn Can I ask you to review?

[kaspth]

Thanks!