java 从 Jasperreports 中的服务器收到的多个不同的 Content-Disposition 标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15599618/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Multiple distinct Content-Disposition headers received from server in Jasperreports
提问by Arya
I'm trying to set content-disposition header in response of servlet, but i get this error in browser. What should i do?
我正在尝试设置 content-disposition 标头以响应 servlet,但我在浏览器中收到此错误。我该怎么办?
Duplicate headers received from server
The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple distinct Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.
从服务器收到的重复标头
来自服务器的响应包含重复的标头。此问题通常是错误配置的网站或代理的结果。只有网站或代理管理员可以解决此问题。
错误 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION):收到多个不同的 Content-Disposition 标头。这是不允许的,以防止 HTTP 响应拆分攻击。
Here my servlet controller:
这是我的 servlet 控制器:
@RequestMapping("/**/paymentOrderReport.pdf")
public class PaymentOrderReportViewController extends org.springframework.web.servlet.mvc.AbstractController {
private PaymentDao paymentDao;
private JasperPdfView pdfView;
@Override
protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
response.setContentType("application/pdf");
response.setHeader("Content-disposition", "attachment; filename=" + "report.pdf");
PaymentOrderEntity paymentOrderEntity = null;
String traceCode = request.getParameter(ParamConstants.TRACE_CODE);
if (traceCode != null) {
PaymentSheetRequestEntity payRequestEntity = paymentDao.loadByUniqueProperty(PaymentSheetRequestEntity.PROP_TRACE_CODE,
traceCode);
if (payRequestEntity != null) {
paymentOrderEntity = payRequestEntity.getPaymentOrder();
}
}
if (paymentOrderEntity != null) {
List<PaymentOrderEntity> result = new ArrayList<PaymentOrderEntity>();
result.add(paymentOrderEntity);
JRDataSource jrDataSource = new JRBeanCollectionDataSource(result);
Map<String, Object> model = new HashMap<String, Object>();
model.put("reportData", jrDataSource);
return new ModelAndView(pdfView, model);
}
return null;
}
public void setPaymentDao(PaymentDao paymentDao) {
this.paymentDao = paymentDao;
}
public void setPdfView(JasperPdfView pdfView) {
this.pdfView = pdfView;
}
}
And JasperPdfView Class:
和 JasperPdfView 类:
public class JasperPdfView extends AbstractJasperReportsView {
@Override
protected void renderReport(JasperPrint populatedReport, Map<String, Object> model, HttpServletResponse response) throws Exception {
JRPdfExporter jrPdfExporter = new JRPdfExporter();
if (getConvertedExporterParameters() != null) {
jrPdfExporter.setParameters(getConvertedExporterParameters());
}
jrPdfExporter.setParameter(JRExporterParameter.JASPER_PRINT, populatedReport);
jrPdfExporter.setParameter(JRExporterParameter.OUTPUT_STREAM, response.getOutputStream());
jrPdfExporter.exportReport();
}
}
回答by Chei
Google Chrome might display this error message if you are downloading a file which has a comma in the file name. Were you really using just "report.pdf" as filename?
如果您正在下载文件名中包含逗号的文件,Google Chrome 浏览器可能会显示此错误消息。你真的只使用“report.pdf”作为文件名吗?
Having read the HTTP specsthe Content-Disposition header (which is not part of the HTTP spec itself) should not include a comma character, because it will be treated as a separator for two different headers.
阅读HTTP 规范后,Content-Disposition 标头(它不是 HTTP 规范本身的一部分)不应包含逗号字符,因为它将被视为两个不同标头的分隔符。
Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma.
当且仅当该头字段的整个字段值被定义为逗号分隔列表[即,#(values)] 时,消息中可以存在多个具有相同字段名称的消息头字段。通过将每个后续字段值附加到第一个字段值,每个字段值用逗号分隔,必须可以将多个标题字段组合成一个“字段名称:字段值”对,而不改变消息的语义。
So if your filename were report,May2014.pdf then Chrome interprets
所以如果你的文件名被报告,May2014.pdf 然后 Chrome 解释
Content-Disposition: attachment; filename=report,May2014.pdf
Content-Disposition: attachment; filename=report,May2014.pdf
as two values for the same http message header
作为同一个 http 消息头的两个值
Content-Disposition: attachment; filename=report
Content-Disposition: attachment; filename=report
Content-Disposition: May2014.pdf
Content-Disposition: May2014.pdf
which in turn is interpreted as a HTTP response splitting attack, probably because there shall actually be no multiple Content-Disposition header values in a single HTTP response.
这反过来被解释为HTTP 响应拆分攻击,可能是因为在单个 HTTP 响应中实际上不应有多个 Content-Disposition 标头值。
Other browsers does not seem to mind the comma in the file name.
其他浏览器似乎并不介意文件名中的逗号。
回答by Moiz Tankiwala
There is a similar discussion here - http://productforums.google.com/forum/#!topic/chrome/hhZh_kpei8U
这里有一个类似的讨论 - http://productforums.google.com/forum/#!topic/chrome/hhZh_kpei8U
See if that helps
看看有没有帮助
回答by Rubén R
Incorrect:
不正确:
response.setHeader("Content-Disposition","attachment;filename="+filename+);
Correct:
正确的:
response.setHeader("Content-Disposition","attachment;filename=\""+filename+"\"");
