Java 为什么认为CONTENT_处置头不安全?
我开发了一个REST端点,它生成一个序列化为字节数组的zip文件Java 为什么认为CONTENT_处置头不安全?,java,reactjs,spring-boot,rest,http-headers,Java,Reactjs,Spring Boot,Rest,Http Headers,我开发了一个REST端点,它生成一个序列化为字节数组的zip文件 @GetMapping(path = "/export-zip", produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity<byte[]> exportZipFile() throws IOException { try { MyZipObject zip = zipServ
@GetMapping(path = "/export-zip", produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<byte[]> exportZipFile() throws IOException {
try {
MyZipObject zip = zipService.createZip();
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + zip.getFileName() + ".zip\"");
return new ResponseEntity<>(zip.getData(), httpHeaders, HttpStatus.OK);
} catch (Exception e) {
return new ResponseEntity(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
}
}
我不确定为什么标题一开始就被认为是不安全的,但我也想知道如何使其成为安全标题。这是一个有用的回答,谢谢。最后,我通过向我的控制器添加以下代码来解决这个问题
httpHeaders.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HttpHeaders.CONTENT_DISPOSITION);
httpHeaders.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + fileName + ".zip\"");
这回答了你的问题吗?
httpHeaders.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, HttpHeaders.CONTENT_DISPOSITION);
httpHeaders.add(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + fileName + ".zip\"");