From e7073474740283761bb2e9f823d6fc9e9f22eb1d Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Wed, 11 Nov 2015 18:02:50 -0500 Subject: [PATCH] Fix failing tests --- .../annotation/RequestResponseBodyMethodProcessorTests.java | 2 +- .../ServletAnnotationControllerHandlerMethodTests.java | 2 +- src/asciidoc/web-mvc.adoc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java index af0639fe700..32ddb8bdd94 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java @@ -644,7 +644,7 @@ public class RequestResponseBodyMethodProcessorTests { String header = servletResponse.getHeader("Content-Disposition"); if (expectContentDisposition) { assertEquals("Expected 'Content-Disposition' header. Use case: '" + comment + "'", - "attachment;filename=f.txt", header); + "inline;filename=f.txt", header); } else { assertNull("Did not expect 'Content-Disposition' header. Use case: '" + comment + "'", header); diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java index 28bde6976af..6635463875a 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java @@ -1655,7 +1655,7 @@ public class ServletAnnotationControllerHandlerMethodTests extends AbstractServl assertEquals(200, response.getStatus()); assertEquals("text/html", response.getContentType()); - assertEquals("attachment;filename=f.txt", response.getHeader("Content-Disposition")); + assertEquals("inline;filename=f.txt", response.getHeader("Content-Disposition")); assertArrayEquals(content, response.getContentAsByteArray()); } diff --git a/src/asciidoc/web-mvc.adoc b/src/asciidoc/web-mvc.adoc index 0f923ebf285..5642a807614 100644 --- a/src/asciidoc/web-mvc.adoc +++ b/src/asciidoc/web-mvc.adoc @@ -884,7 +884,7 @@ nor disabling the use of path extensions for content negotiation purposes alone are effective at preventing RFD attacks. For comprehensive protection against RFD, prior to rendering the response body -Spring MVC adds a `Content-Disposition:attachment;filename=f.txt` header to +Spring MVC adds a `Content-Disposition:inline;filename=f.txt` header to suggest a fixed and safe download file filename. This is done only if the URL path contains a file extension that is neither whitelisted nor explicitly registered for content negotiation purposes. However it may potentially have