com.atlassian.confluence.servlet.download
Class DefaultAttachmentSafeContentHeaderGuesser

java.lang.Object
  extended by com.atlassian.confluence.servlet.download.DefaultAttachmentSafeContentHeaderGuesser
All Implemented Interfaces:
SafeContentHeaderGuesser

public class DefaultAttachmentSafeContentHeaderGuesser
extends java.lang.Object
implements SafeContentHeaderGuesser


Constructor Summary
DefaultAttachmentSafeContentHeaderGuesser()
           
 
Method Summary
 java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType, java.lang.String name, java.lang.String userAgent, long contentLength, boolean hasXsrfToken, java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
          Returns a map of headers with their values.
 void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)
           
 void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultAttachmentSafeContentHeaderGuesser

public DefaultAttachmentSafeContentHeaderGuesser()
Method Detail

computeAttachmentHeaders

public java.util.Map<java.lang.String,java.lang.String> computeAttachmentHeaders(java.lang.String contentType,
                                                                                 java.lang.String name,
                                                                                 java.lang.String userAgent,
                                                                                 long contentLength,
                                                                                 boolean hasXsrfToken,
                                                                                 java.util.Map<java.lang.String,java.lang.String> httpQueryParams)
Description copied from interface: SafeContentHeaderGuesser
Returns a map of headers with their values. One of these headers must be 'Content-Type'. The purpose of this method is to guess a safe Content-Type header (and the associated Content-Disposition headers), so that it is difficult to perform XSS using attachments.

Specified by:
computeAttachmentHeaders in interface SafeContentHeaderGuesser
Parameters:
contentType - the existing content-type that the attachment has.
name - the filename of the attachment
userAgent - the user agent of the client requesting the attachment
contentLength - the length of the attachment
httpQueryParams - a map of the HTTP query parameters
Returns:
a map of HTTP headers to their values. It will contain at least one entry with key 'Content-Type'.

setMimeTypeTranslator

public void setMimeTypeTranslator(AttachmentMimeTypeTranslator mimeTypeTranslator)

setContentTypeAndDispositionHeaderBlacklist

public void setContentTypeAndDispositionHeaderBlacklist(com.atlassian.http.mime.ContentDispositionHeaderGuesser contentTypeAndDispositionHeaderBlacklist)


Copyright © 2003-2014 Atlassian. All Rights Reserved.