From 39c950fb898b4d74a53dbc36781edf8ca82262cb Mon Sep 17 00:00:00 2001
From: Brandon Sahadeo <50463922+brandonsahadeo@users.noreply.github.com>
Date: Tue, 25 Nov 2025 10:02:46 -0500
Subject: [PATCH] fix: add support for content-disposition-header

---
 rulesets/src/request-response.ruleset.yml |  2 +-
 standards/request-response.md             | 27 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/rulesets/src/request-response.ruleset.yml b/rulesets/src/request-response.ruleset.yml
index 76f4344..afe86ff 100644
--- a/rulesets/src/request-response.ruleset.yml
+++ b/rulesets/src/request-response.ruleset.yml
@@ -121,7 +121,7 @@ rules:
     then:
       function: pattern
       functionOptions:
-        match: "^(Sps-[a-zA-Z0-9-]{1,50}|Accept|Access-Control.*|Authorization|Cache-Control|Content-Language|Content-Length|Content-Type|Date|ETag|Host|If-Match|If-None-Match|Location|Origin|User-Agent)$"
+        match: "^(Sps-[a-zA-Z0-9-]{1,50}|Accept|Access-Control.*|Authorization|Cache-Control|Content-Disposition|Content-Language|Content-Length|Content-Type|Date|ETag|Host|If-Match|If-None-Match|Location|Origin|User-Agent)$"
 
   sps-sensitive-data-in-headers:
     description: Headers MUST NOT contain sensitive data.
diff --git a/standards/request-response.md b/standards/request-response.md
index 371928f..899c4d5 100644
--- a/standards/request-response.md
+++ b/standards/request-response.md
@@ -356,6 +356,33 @@ Content-Language: en-US, de-DE, en-CA
 
 <hr />
 
+#### [Content-Disposition](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition)
+
+**Type**: Both
+
+**Support**: OPTIONAL
+
+**Description**: This request/response header indicates how content should be handled or identifies file metadata.
+- In responses, APIs **SHOULD** include this header when returning file content or binary data to indicate if content should be displayed inline or downloaded as an attachment.
+- In requests, this header **MAY** be used in multipart/form-data uploads to specify the filename and disposition of uploaded content.
+- The header **MUST** use `inline` disposition for content meant to be displayed directly.
+- The header **MUST** use `attachment` disposition for content meant to be downloaded.
+- When using `attachment`, a `filename` parameter **SHOULD** be provided to suggest a filename for the download or identify uploaded file names.
+- Filenames **SHOULD** be properly encoded when containing non-ASCII characters using RFC 5987 encoding.
+
+**Example(s)**:
+
+```
+// CORRECT
+Content-Disposition: inline
+Content-Disposition: attachment
+Content-Disposition: attachment; filename="document.pdf"
+Content-Disposition: attachment; filename="report-2025.csv"
+Content-Disposition: attachment; filename*=UTF-8''%E6%96%87%E6%A1%A3.pdf
+```
+
+<hr />
+
 #### [ETag](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag)
 
 **Type**: Response