diff --git a/changelog/unreleased/bump-reva-for-content-disposition-header.md b/changelog/unreleased/bump-reva-for-content-disposition-header.md new file mode 100644 index 000000000..c87050ef2 --- /dev/null +++ b/changelog/unreleased/bump-reva-for-content-disposition-header.md @@ -0,0 +1,7 @@ +Bugfix: Fix Content-Disposition header for downloads + +We have fixed a bug that caused downloads to fail on Chromebased browsers when the filename contained special characters. + +https://github.com/owncloud/ocis/pull/8381 +https://github.com/owncloud/ocis/issues/8361 +https://github.com/cs3org/reva/pull/4498 diff --git a/go.mod b/go.mod index 7ba7837ae..59f83d8b8 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/blevesearch/bleve/v2 v2.3.10 github.com/coreos/go-oidc/v3 v3.9.0 github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 - github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52 + github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1 github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25 github.com/disintegration/imaging v1.6.2 github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e diff --git a/go.sum b/go.sum index 80a34ec6a..70eddac68 100644 --- a/go.sum +++ b/go.sum @@ -1019,8 +1019,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c= github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY= github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY= -github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52 h1:Jeh8q6WKl4gcK7GMayn56y1uxbw91XvyuZcvY7SiDRk= -github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52/go.mod h1:GCN3g6uYE0Nvd31dGlhaGGyUviUfbG2NkecPRv5oSc4= +github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1 h1:74SlyiFIUYcTvSFaEyeyABg3nuiDko91ve0fE++t87s= +github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1/go.mod h1:GCN3g6uYE0Nvd31dGlhaGGyUviUfbG2NkecPRv5oSc4= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= diff --git a/tests/acceptance/features/coreApiVersions/fileVersions.feature b/tests/acceptance/features/coreApiVersions/fileVersions.feature index 9658d6f61..56e1180aa 100644 --- a/tests/acceptance/features/coreApiVersions/fileVersions.feature +++ b/tests/acceptance/features/coreApiVersions/fileVersions.feature @@ -163,13 +163,13 @@ Feature: dav-versions Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "version 1" When user "Alice" downloads the version of file "textfile0.txt" with the index "2" Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "uploaded content" @skipOnStorage:ceph @skipOnStorage:scality @@ -182,13 +182,13 @@ Feature: dav-versions Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "version 2" When user "Alice" downloads the version of file "textfile0.txt" with the index "2" Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''textfile0.txt; filename="textfile0.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"textfile0.txt"; filename="textfile0.txt" | And the downloaded content should be "uploaded content" diff --git a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature index 34b7be65f..7c5eb31bc 100644 --- a/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature +++ b/tests/acceptance/features/coreApiWebdavOperations/downloadFile.feature @@ -269,7 +269,7 @@ Feature: download file Then the HTTP status code should be "200" And the following headers should be set | header | value | - | Content-Disposition | attachment; filename*=UTF-8''welcome.txt; filename="welcome.txt" | + | Content-Disposition | attachment; filename*=UTF-8''"welcome.txt"; filename="welcome.txt" | | Content-Security-Policy | default-src 'none'; | | X-Content-Type-Options | nosniff | | X-Download-Options | noopen | diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go index 0498072b6..be7b8fdee 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/net/builders.go @@ -27,7 +27,7 @@ import ( // ContentDispositionAttachment builds a ContentDisposition Attachment header with various filename encodings func ContentDispositionAttachment(filename string) string { - return "attachment; filename*=UTF-8''" + filename + "; filename=\"" + filename + "\"" + return "attachment; filename*=UTF-8''\"" + filename + "\"; filename=\"" + filename + "\"" } // RFC1123Z formats a CS3 Timestamp to be used in HTTP headers like Last-Modified diff --git a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go index fc5764738..027f8c73b 100644 --- a/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go +++ b/vendor/github.com/cs3org/reva/v2/internal/http/services/owncloud/ocdav/propfind/propfind.go @@ -579,6 +579,7 @@ func (p *Handler) getResourceInfos(ctx context.Context, w http.ResponseWriter, r // adjust path info.Path = filepath.Join(spacePath, spaceRef.Path) + info.Name = filepath.Base(info.Path) spaceMap[info] = spaceData{Ref: spaceRef, SpaceType: space.SpaceType} diff --git a/vendor/modules.txt b/vendor/modules.txt index 7850ae139..9ebb835c7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -362,7 +362,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.18.1-0.20240205065033-2c21ada2ae52 +# github.com/cs3org/reva/v2 v2.18.1-0.20240206122233-bf89f7aaedd1 ## explicit; go 1.21 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime