Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) # Most browsers will propose to save it under the cool.html filename (by default).Īn example of an HTML form posted using the multipart/form-data format that makes use of the Content-Disposition header: POST /test.html HTTP/1.1Ĭontent-Type: multipart/form-data boundary="boundary"Ĭontent-Disposition: form-data name="field1"Ĭontent-Disposition: form-data name="field2" filename="example.txt" This simple HTML file will be saved as a regular download rather than displayed in the browser. When both filename and filename* are present in a single header field value, filename* is preferred over filename when both are understood.Ī response triggering the "Save As" dialog: 200 OKĬontent-Disposition: attachment filename="cool.html" The parameters filename and filename* differ only in that filename* uses the encoding defined in RFC 5987. When used in combination with Content-Disposition: attachment, it is used as the default filename for an eventual "Save As" dialog presented to the user. This parameter provides mostly indicative information. The filename is always optional and must not be used blindly by the application: path information should be stripped, and conversion to the server file system rules should be done. Is followed by a string containing the original name of the file transmitted. There can be several subparts with the same name.Ī name with a value of '_charset_' indicatesīut the default charset to use for parts without explicit charset information. (for example, the multiple attribute of an element), When dealing with multiple files in the same field That the content of this subpart refers to. Experimental Feature-Policy: xr-spatial-trackingĬontaining the name of the HTML field in the form.Experimental Non-Standard Feature-Policy: unsized-media.Experimental Non-Standard Feature-Policy: unoptimized-images.Experimental Feature-Policy: speaker-selection.Experimental Feature-Policy: screen-wake-lock.Experimental Feature-Policy: publickey-credentials-get.Experimental Feature-Policy: picture-in-picture.Experimental Non-Standard Feature-Policy: oversized-images.
Experimental Feature-Policy: microphone.Experimental Feature-Policy: magnetometer.Experimental Non-Standard Feature-Policy: legacy-image-formats.Experimental Non-Standard Feature-Policy: layout-animations.Experimental Feature-Policy: geolocation.Experimental Feature-Policy: fullscreen.Experimental Feature-Policy: encrypted-media.Experimental Feature-Policy: document-domain.Experimental Feature-Policy: display-capture.Experimental Feature-Policy: ambient-light-sensor.Experimental Feature-Policy: accelerometer.Reason: CORS preflight channel did not succeed.Reason: CORS header 'Origin' cannot be added.Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'.Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed.Reason: CORS header 'Access-Control-Allow-Origin' missing.Reason: missing token 'xyz' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel.Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'.Reason: Did not find method in CORS header 'Access-Control-Allow-Methods'.
Reason: invalid token 'xyz' in CORS header 'Access-Control-Allow-Headers'.Reason: CORS request external redirect not allowed.Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'.Experimental Non-Standard Deprecated Viewport-Width.Experimental Sec-CH-UA-Platform-Version.Experimental Sec-CH-UA-Full-Version-List.Non-Standard Deprecated Large-Allocation.Experimental Non-Standard Deprecated DPR.Experimental Non-Standard Deprecated Content-DPR.Experimental Non-Standard Deprecated Accept-CH-Lifetime.