Content Disposition Filter

AEM 6.4 has reached the end of extended support and this documentation is no longer updated. For further details, see our technical support periods. Find the supported versions here.

The Content Disposition Filter is a security feature that protects against XSS attacks on SVG files.

Once installed, the filter blocks access to all assets. For example, you could not view a PDF online. This section describes how to configure the filter to your needs.

Configure Content Disposition Filter

You can view the Apache Sling Content Disposition Filter on GitHub.

The Content Disposition Filter options provide the following functionality:

  • Content Disposition Paths: a list of paths where the filter is applied, each optionally followed by a list of MIME types to exclude on that path. The path must be absolute and may end with a wildcard (*) to match every resource path with the given prefix. For example, /content/*:image/jpeg,image/svg+xml applies the filter to every node in /content except JPEG and SVG images.

  • Excluded Resource Paths: a list of excluded resources. Each resource path must be given as an absolute, fully qualified path. Prefix matching and wildcards are not supported.

  • Enable For All Resource Paths: this flag controls whether the filter is enabled for all paths, except for the excluded paths defined by Excluded Resource Paths. Setting it to ‘true’ causes Content Disposition Paths to be ignored. Independent of the configuration, the filter covers only resource paths that contain a property named jcr:data or jcr:content/jcr:data.
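The following added example (not Adobe's or Apache Sling's code) models the three options as described above, so a configuration can be checked against sample resource paths before it is deployed. The names `parse_rule` and `filter_applies` are hypothetical, and letting the first matching rule decide, with exact paths checked before prefixes, is an assumption of this model.

```python
def parse_rule(entry):
    """Split '/content/*:image/jpeg,image/svg+xml' into
    (path, is_prefix, excluded_mime_types)."""
    path, _, types = entry.partition(":")
    path = path.strip()
    if not path.startswith("/"):
        raise ValueError(f"path must be absolute: {entry!r}")
    is_prefix = path.endswith("*")  # wildcard is only allowed at the end
    if is_prefix:
        path = path[:-1]
    excluded = {t.strip() for t in types.split(",") if t.strip()}
    return path, is_prefix, excluded


def filter_applies(resource_path, content_type, *, paths=(),
                   excluded_paths=(), all_paths=False, has_jcr_data=True):
    """Return True when the filter covers this resource.

    paths          -> Content Disposition Paths
    excluded_paths -> Excluded Resource Paths (exact match only)
    all_paths      -> Enable For All Resource Paths
    has_jcr_data   -> resource has jcr:data or jcr:content/jcr:data
    """
    if not has_jcr_data:
        return False  # never covered, independent of the configuration
    if resource_path in excluded_paths:
        return False  # no prefix or wildcard matching here
    if all_paths:
        return True   # Content Disposition Paths is ignored
    rules = [parse_rule(e) for e in paths]
    # Assumption: exact paths are checked before prefixes, first match decides.
    for path, is_prefix, excluded in sorted(rules, key=lambda r: r[1]):
        if is_prefix:
            matched = resource_path.startswith(path)
        else:
            matched = resource_path == path
        if matched:
            return content_type not in excluded
    return False


# Constructed sample configuration, using the rule from the text above.
RULES = ["/content/*:image/jpeg,image/svg+xml"]

if __name__ == "__main__":
    for p, t in [("/content/dam/report.pdf", "application/pdf"),
                 ("/content/dam/logo.svg", "image/svg+xml"),
                 ("/etc/designs/site.css", "text/css")]:
        print(p, t, filter_applies(p, t, paths=RULES))
```

With the sample rule, SVG files under /content are excluded from the filter, so check any MIME-type exclusion against the content that authors are able to upload.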