[Files] correct for anomalies in content disposition value for file downloads #176822
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eokoneyo
added
release_note:fix
Team:SharedUX
|
Pinging @elastic/appex-sharedux (Team:SharedUX) |
eokoneyo
changed the title
eokoneyo
force-pushed
the
fix/issue-downloading-files-with-special-characters
branch
3 times, most recently
from
2414fb6 to
939f3df
Compare
tsullivan
reviewed
Feb 14, 2024
eokoneyo
commented
Feb 14, 2024
Comment on lines
-22
to
-26
| // Note, this name can be overridden by the client if set via a "download" attribute on the HTML tag. | ||
| 'content-disposition': `attachment; filename="${fileName || getDownloadedFileName(file)}"`, | ||
| 'cache-control': 'max-age=31536000, immutable', | ||
| // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options | ||
| 'x-content-type-options': 'nosniff', |
There was a problem hiding this comment.
The header fields content-disposition and x-content-type-options are removed because the handler res.file already takes care of providing these values.
eokoneyo
force-pushed
the
fix/issue-downloading-files-with-special-characters
branch
2 times, most recently
from
b28a416 to
e5e15f7
Compare
eokoneyo
force-pushed
the
fix/issue-downloading-files-with-special-characters
branch
from
2e829d8 to
d734899
Compare
eokoneyo
commented
Feb 19, 2024
| @@ -72,7 +72,7 @@ describe('File kind HTTP API', () => { | |||
| .expect(200); | |||
|
|
|||
| expect(header['content-type']).toEqual('image/png'); | |||
| expect(header['content-disposition']).toEqual('attachment; filename="test.png"'); | |||
| expect(header['content-disposition']).toEqual('attachment; filename=test.png'); | |||
There was a problem hiding this comment.
The res.file implementation provides the filename for content-disposition header without quotes, and is still a valid value, see the spec
eokoneyo
commented
Feb 19, 2024
| @@ -310,7 +310,7 @@ export default ({ getService }: FtrProviderContext): void => { | |||
| }); | |||
|
|
|||
| expect(header['content-type']).to.eql('image/png'); | |||
| expect(header['content-disposition']).to.eql('attachment; filename="test.png"'); | |||
| expect(header['content-disposition']).to.eql('attachment; filename=test.png'); | |||
|
/ci |
eokoneyo
force-pushed
the
fix/issue-downloading-files-with-special-characters
branch
from
d734899 to
9ac26a3
Compare
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
cnasikas
approved these changes
Feb 19, 2024
eokoneyo
force-pushed
the
fix/issue-downloading-files-with-special-characters
branch
from
9ac26a3 to
487695d
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @eokoneyo |
kibanamachine
added
v8.14.0
backport:skip
eokoneyo
deleted the
fix/issue-downloading-files-with-special-characters
branch
fkanout
pushed a commit
to fkanout/kibana
that referenced
this pull request
Mar 4, 2024
…ownloads (elastic#176822) ## Summary closes; elastic#173138 Looking into this, it turns out this issue was happening because the header value for `content-disposition` contained invalid characters given we were using the filename as is. See Screenshot resulting from debugging the request; <img width="846" alt="Screenshot 2024-02-13 at 13 38 53" src="https://github.com/elastic/kibana/assets/7893459/c1fbc09c-53c3-4d5b-8ba9-8752a56a9a6b"> To fix this, I've opted to leverage the ~package [content-disposition](https://github.com/jshttp/content-disposition), in place of some custom approach to fix this~ `res.file` handler which correctly handles computation for content-disposition in place of `res.ok` ~and providing our own computation of the value for content-disposition~. ## Verifying the fix: - Navigate to cases, (found in the the nav menu for stack management) - create a new case, if there isn't one you can readily use - click the files tab and grab an image you'd like to upload, before you do rename said image to `Screenshot 2023-12-11 at 1 29 07 PM` keeping it's extension - on image upload complete, you should be able to view the preview for the just uploaded image. <!-- ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) -->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
closes; #173138
Looking into this, it turns out this issue was happening because the header value for
content-dispositioncontained invalid characters given we were using the filename as is.See Screenshot resulting from debugging the request;
To fix this, I've opted to leverage the
package content-disposition, in place of some custom approach to fix thisres.filehandler which correctly handles computation for content-disposition in place ofres.okand providing our own computation of the value for content-disposition.Verifying the fix:
Screenshot 2023-12-11 at 1 29 07 PMkeeping it's extension