directory search
Guides Access control CORS Authentication Browser detection using the user agent Caching Caching FAQ Compression Conditional requests Connection management in HTTP 1.x Content negotiation Content negotiation: List of default Accept values Cookies CSP Messages Overview Protocol upgrade mechanism Proxy servers and tunneling Proxy servers and tunneling: Proxy Auto-Configuration (PAC) file Public Key Pinning Range requests Redirections Resources and specifications Resources and URIs Response codes Server-Side Access Control Session Guides: Basics Basics of HTTP Choosing between www and non-www URLs Data URIs Evolution of HTTP Identifying resources on the Web MIME Types MIME types: Complete list of MIME types CSP Content-Security-Policy Content-Security-Policy-Report-Only CSP: base-uri CSP: block-all-mixed-content CSP: child-src CSP: connect-src CSP: default-src CSP: font-src CSP: form-action CSP: frame-ancestors CSP: frame-src CSP: img-src CSP: manifest-src CSP: media-src CSP: object-src CSP: plugin-types CSP: referrer CSP: report-uri CSP: require-sri-for CSP: sandbox CSP: script-src CSP: style-src CSP: upgrade-insecure-requests CSP: worker-src Headers Accept Accept-Charset Accept-Encoding Accept-Language Accept-Ranges Access-Control-Allow-Credentials Access-Control-Allow-Headers Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Expose-Headers Access-Control-Max-Age Access-Control-Request-Headers Access-Control-Request-Method Age Allow Authorization Cache-Control Connection Content-Disposition Content-Encoding Content-Language Content-Length Content-Location Content-Range Content-Type Cookie Cookie2 Date DNT ETag Expect Expires Forwarded From Headers Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified-Since Keep-Alive Large-Allocation Last-Modified Location Origin Pragma Proxy-Authenticate Proxy-Authorization Public-Key-Pins Public-Key-Pins-Report-Only Range Referer Referrer-Policy Retry-After Server Set-Cookie Set-Cookie2 SourceMap Strict-Transport-Security TE Tk Trailer Transfer-Encoding Upgrade-Insecure-Requests User-Agent User-Agent: Firefox Vary Via Warning WWW-Authenticate X-Content-Type-Options X-DNS-Prefetch-Control X-Forwarded-For X-Forwarded-Host X-Forwarded-Proto X-Frame-Options X-XSS-Protection Methods CONNECT DELETE GET HEAD Methods OPTIONS PATCH POST PUT Status 100 Continue 101 Switching Protocols 200 OK 201 Created 202 Accepted 203 Non-Authoritative Information 204 No Content 205 Reset Content 206 Partial Content 300 Multiple Choices 301 Moved Permanently 302 Found 303 See Other 304 Not Modified 307 Temporary Redirect 308 Permanent Redirect 400 Bad Request 401 Unauthorized 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable 407 Proxy Authentication Required 408 Request Timeout 409 Conflict 410 Gone 411 Length Required 412 Precondition Failed 413 Payload Too Large 414 URI Too Long 415 Unsupported Media Type 416 Range Not Satisfiable 417 Expectation Failed 426 Upgrade Required 428 Precondition Required 429 Too Many Requests 431 Request Header Fields Too Large 451 Unavailable For Legal Reasons 500 Internal Server Error 501 Not Implemented 502 Bad Gateway 503 Service Unavailable 504 Gateway Timeout 505 HTTP Version Not Supported 511 Network Authentication Required Status
characters

在常规 HTTP 响应中,Content-Disposition响应标头是指示内容是否预期在浏览器中内联显示的标题,即,作为网页或作为网页的一部分或作为附件下载并且本地保存。

在一个multipart/form-data正文中,HTTP Content-Disposition通用标题是一个标题,可以在多部分主体的子部分中使用,以提供有关它适用的字段的信息。子部分由标题中定义的边界分隔Content-Type。用于身体本身,Content-Disposition没有任何作用。

所述Content-Disposition的 header 在 MIME 消息的电子邮件的更大的范围内定义的,但仅可能的参数的子集应用于 HTTP 形式和POST请求。只有值form-data,以及可选的指令namefilename,可以在 HTTP 上下文中使用。

Header type

Response header (for the main body) General header (for a subpart of a multipart body)

Forbidden header name

no

语法

作为主体的响应标题

HTTP 上下文中的第一个参数是inline(默认值,表示它可以显示在网页内,或作为网页)或attachment(表示它应该下载;大多数浏览器呈现“另存为”对话框,预先填入filename如果存在参数的值

Content-Disposition: inline
Content-Disposition: attachment
Content-Disposition: attachment; filename="filename.jpg"

作为多部分主体的 header

HTTP 上下文中的第一个参数总是form-data; 其他参数不区分大小写,并且有参数,在'='符号后面使用带引号的字符串语法。多个参数用分号(';')分隔。

Content-Disposition: form-data
Content-Disposition: form-data; name="fieldName"Content-Disposition: form-data; name="fieldName"; filename="filename.jpg"

指令

name后面跟着一个字符串,其中包含该字段的内容引用的 HTML 字段的名称。在同一字段中处理多个文件(例如元素的multiple属性<input type=file>)时,可能会有几个具有相同名称的子部分。

一个name有值'_charset_'表明该部分不是 HTML 区域,但默认字符集,而无需显式的字符集信息使用的部分。

filename后面是一个包含传输文件的原始名称的字符串。文件名始终是可选的,不能被应用程序盲目使用:路径信息应该被删除,并且应该转换为服务器文件系统规则。该参数提供大部分指示性信息。当与其结合使用时Content-Disposition: attachment,它被用作提供给 user.filename 的最终“另存为”对话框的默认文件名*

参数“filename”和“filename *”的区别仅在于“filename *”使用RFC 5987中定义的编码。当“文件名”和“文件名*”都出现在单个标题字段值中时,“文件名*”优于“文件名”,当两者都存在并被理解时。

例子

触发“另存为”对话框的响应:

200 OK
Content-Type: text/html; charset=utf-8Content-Disposition: attachment; filename="cool.html"Content-Length: 22<HTML>Save me!</HTML>

这个简单的 HTML 文件将被保存为常规下载而不是在浏览器中显示。大多数浏览器会建议将其保存在cool.html文件名下(默认情况下)。

HTML 表单的一个示例,使用multipart/form-data使用Content-Disposition标题的格式发布:

POST /test.html HTTP/1.1Host: example.org
Content-Type: multipart/form-data;boundary="boundary"--boundary
Content-Disposition: form-data; name="field1"value1--boundary
Content-Disposition: form-data; name="field2"; filename="example.txt"value2--boundary--

规范

Specification

Title

RFC 7578

Returning Values from Forms: multipart/form-data

RFC 6266

Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)

RFC 2183

Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field

浏览器兼容性

Feature

Chrome

Firefox

Edge

Internet Explorer

Opera

Safari

Basic Support

(Yes)

(Yes)

(Yes)

(Yes)

(Yes)

(Yes)

Feature

Android

Chrome for Android

Edge mobile

Firefox for Android

IE mobile

Opera Android

iOS Safari

Basic Support

(Yes)

(Yes)

(Yes)

(Yes)

(Yes)

(Yes)

(Yes)

兼容性说明

  • Content-Disposition如果提供了参数filenamefilename*参数,Firefox 5 将更有效地处理 HTTP 响应头; 它会查看所有提供的名称,filename*如果有可用的名称,则使用参数,即使filename首先包含参数。以前,将使用第一个匹配参数,从而阻止使用更合适的名称。见错误588781。见还

  • HTML Forms

  • The Content-Type defining the boundary of the multipart body.

  • The FormData interface used to manipulate form data for use in the XMLHttpRequest API.

Previous article: Next article: