[MAGNOLIA-3452] Content-type of a rendered page should not be a function of the request Created: 07/Dec/10  Updated: 25/Sep/15  Resolved: 25/Sep/15

Status: Closed
Project: Magnolia
Component/s: templating
Affects Version/s: 4.4.1
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Magnolia International Assignee: Unassigned
Resolution: Obsolete Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-2384 display pages only with defined exten... Closed
is related to MAGNOLIA-1564 Accessing a page without proper exten... Closed
is related to MAGNOLIA-6348 Crosscheck mime type of the response ... Closed
supersession
is superseded by MAGNOLIA-6372 Set correct content type of rendered ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

The Content-Type response header is currently a direct function of the extension in the request.
This is not good for several reasons (security, seo, ...)
The Content-Type should simply be a function of whatever renders the content

Example: http://demopublic.magnolia-cms.com/demo-project/about.jpeg yields:

Request URL:http://demopublic.magnolia-cms.com/demo-project/about.jpeg
Request Method:GET
Status Code:200 OK
Request Headers
Accept:application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent:Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5
Response Headers
Cache-Control:max-age=900
Connection:Keep-Alive
Content-Length:16305
Content-Type:image/jpeg;charset=UTF-8
Date:Tue, 07 Dec 2010 09:54:07 GMT
Keep-Alive:timeout=15, max=97
Last-Modified:Tue, 07 Dec 2010 09:54:07 GMT
Server:Apache/2.2.14 (Ubuntu)
X-Magnolia-Registration:Registered


 Comments   
Comment by Antti Hietala [ 24/Jan/11 ]

Voting up and adding a symptom that is essentially the same issue. The Download button in DMS does not construct a URL with a file extension and therefore sets the wrong content type header.

To reproduce:

  1. Log into demoauthor with Safari (FF doesn't have the issue).
  2. Go to Documents > /openwfe.
  3. Select openwfe_manual and click the Download button in the toolbar.
  4. Safari appends .html to the saved file.

If you open the file properties dialog instead and save the file with a right-click action it is saved correctly as .pdf.

Generated at Mon Feb 12 03:46:37 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.