From 39c950fb898b4d74a53dbc36781edf8ca82262cb Mon Sep 17 00:00:00 2001
From: Brandon Sahadeo <50463922+brandonsahadeo@users.noreply.github.com>
Date: Tue, 25 Nov 2025 10:02:46 -0500
Subject: [PATCH] fix: add support for content-disposition-header
---
 rulesets/src/request-response.ruleset.yml | 2 +-
 standards/request-response.md | 27 +++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/rulesets/src/request-response.ruleset.yml b/rulesets/src/request-response.ruleset.yml
index 76f4344..afe86ff 100644
--- a/rulesets/src/request-response.ruleset.yml
+++ b/rulesets/src/request-response.ruleset.yml
@@ -121,7 +121,7 @@ rules:
 then:
 function: pattern
 functionOptions:
- match: "^(Sps-[a-zA-Z0-9-]{1,50}|Accept|Access-Control.*|Authorization|Cache-Control|Content-Language|Content-Length|Content-Type|Date|ETag|Host|If-Match|If-None-Match|Location|Origin|User-Agent)$"
+ match: "^(Sps-[a-zA-Z0-9-]{1,50}|Accept|Access-Control.*|Authorization|Cache-Control|Content-Disposition|Content-Language|Content-Length|Content-Type|Date|ETag|Host|If-Match|If-None-Match|Location|Origin|User-Agent)$"
 sps-sensitive-data-in-headers:
 description: Headers MUST NOT contain sensitive data.
diff --git a/standards/request-response.md b/standards/request-response.md
index 371928f..899c4d5 100644
--- a/standards/request-response.md
+++ b/standards/request-response.md
@@ -356,6 +356,33 @@ Content-Language: en-US, de-DE, en-CA
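Review bot: Allowing `Content-Disposition` in the `match:` pattern admits a header whose `filename` parameter is free text that often originates from an uploader or a stored object name, and the standard text added in the same commit covers only the encoding of non-ASCII names, not how the value must be handled. A received filename should be treated as untrusted (path separators, `..` segments and control characters such as CR/LF removed before it is used for storage or echoed into a response header), and it can also carry customer or document identifiers, which the neighbouring `sps-sensitive-data-in-headers` rule forbids in headers. I would record that next to the pattern, e.g. `# Content-Disposition: filename is untrusted on upload and must not carry sensitive data`, and add a matching **MUST** bullet to the header's section in `standards/request-response.md`. The rule that owns this pattern starts above the hunk, so whether it applies to request headers, response headers or both is not visible here.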
+#### [Content-Disposition](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition)
+
+**Type**: Both
+
+**Support**: OPTIONAL
+
+**Description**: This request/response header indicates how content should be handled or identifies file metadata.
+- In responses, APIs **SHOULD** include this header when returning file content or binary data to indicate if content should be displayed inline or downloaded as an attachment.
+- In requests, this header **MAY** be used in multipart/form-data uploads to specify the filename and disposition of uploaded content.
+- The header **MUST** use `inline` disposition for content meant to be displayed directly.
+- The header **MUST** use `attachment` disposition for content meant to be downloaded.
+- When using `attachment`, a `filename` parameter **SHOULD** be provided to suggest a filename for the download or identify uploaded file names.
+- Filenames **SHOULD** be properly encoded when containing non-ASCII characters using RFC 5987 encoding.
+
+**Example(s)**:
+
+```
+// CORRECT
+Content-Disposition: inline
+Content-Disposition: attachment
+Content-Disposition: attachment; filename="document.pdf"
+Content-Disposition: attachment; filename="report-2025.csv"
+Content-Disposition: attachment; filename*=UTF-8''%E6%96%87%E6%A1%A3.pdf
+```
+
+
+
 #### [ETag](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag)
 **Type**: Response