Content Disposition Filter

Content disposition filter is a security feature against XSS attacks on SVG files.

Once installed, the filter blocks access to all assets. For example, you could not view a pfd online. This section describes how to configure the filter to your needs.

Configure Content Disposition Filter

You can view the Apache Sling Content Disposition Filter in GitHub.

The Content Disposition Filter options provide the following functionality:

  • Content Disposition Paths: a list of paths where the filter will be applied followed by a list of mime-types to exclude on that path.This path must be an absolute path and may contain a wildcard (‘*’) at the end, to match every resource path with the given path prefix. For example: /content/*:image/jpeg,image/svg+xml " will apply the filter to every node in /content except jpg and svg images

  • Excluded Resource Paths: a list fo excluded resources, each resource path must be given as absolute and fully qualified path. Prefix matching/wildcards are not supported.

  • Enable For All Resource Paths: this flag controls whether to enable this filter for all paths, except for the excluded paths defined by Excluded Resource Paths. Setting this to ‘true’ leads to ignoring Content Disposition Paths. Independent of the configuration only resource paths are covered which contain a property named ‘jcr:data’ or ‘jcr:content jcr:data’.

On this page

Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now