Content disposition filter is a security feature against XSS attacks on SVG files.
Once installed, the filter blocks access to all assets. For example, you could not view a pfd online. This section describes how to configure the filter to your needs.
You can view the Apache Sling Content Disposition Filter in GitHub.
The Content Disposition Filter options provide the following functionality:
- Content Disposition Paths: a list of paths where the filter will be applied followed by a list of mime-types to exclude on that path.This path must be an absolute path and may contain a wildcard ('*') at the end, to match every resource path with the given path prefix. For example: /content/*:image/jpeg,image/svg+xml " will apply the filter to every node in /content except jpg and svg images
- Excluded Resource Paths: a list fo excluded resources, each resource path must be given as absolute and fully qualified path. Prefix matching/wildcards are not supported.
- Enable For All Resource Paths: this flag controls whether to enable this filter for all paths, except for the excluded paths defined by Excluded Resource Paths. Setting this to 'true' leads to ignoring Content Disposition Paths. Independent of the configuration only resource paths are covered which contain a property named 'jcr:data' or 'jcr:content jcr:data'.