Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
content-disposition-header
Advanced tools
content-disposition rewrite with browser and Node.js support
content-disposition
rewrite with browser and Node.js support.
Create and parse HTTP Content-Disposition
header
$ npm install content-disposition-header
or
$ yarn add content-disposition-header
var { create, parse } = require("content-disposition-header");
or
import { create, parse } from "content-disposition-header";
Create an attachment Content-Disposition
header value using the given file name,
if supplied. The filename
is optional and if no file name is desired, but you
want to specify options
, set filename
to undefined
.
res.setHeader("Content-Disposition", contentDisposition("∫ maths.pdf"));
note HTTP headers are of the ISO-8859-1 character set. If you are writing this
header through a means different from setHeader
in Node.js, you'll want to specify
the 'binary'
encoding in Node.js.
contentDisposition
accepts these properties in the options object.
If the filename
option is outside ISO-8859-1, then the file name is actually
stored in a supplemental field for clients that support Unicode file names and
a ISO-8859-1 version of the file name is automatically generated.
This specifies the ISO-8859-1 file name to override the automatic generation or
disables the generation all together, defaults to true
.
false
will disable including a ISO-8859-1 file name and only include the
Unicode version (unless the file name is already ISO-8859-1).true
will enable automatic generation if the file name is outside ISO-8859-1.If the filename
option is ISO-8859-1 and this option is specified and has a
different value, then the filename
option is encoded in the extended field
and this set as the fallback field, even though they are both ISO-8859-1.
Specifies the disposition type, defaults to "attachment"
. This can also be
"inline"
, or any other value (all values except inline are treated like
attachment
, but can convey additional information if both parties agree to
it). The type is normalized to lower-case.
var disposition = contentDisposition.parse(
"attachment; filename=\"EURO rates.txt\"; filename*=UTF-8''%e2%82%ac%20rates.txt"
);
Parse a Content-Disposition
header string. This automatically handles extended
("Unicode") parameters by decoding them and providing them under the standard
parameter name. This will return an object with the following properties (examples
are shown for the string 'attachment; filename="EURO rates.txt"; filename*=UTF-8\'\'%e2%82%ac%20rates.txt'
):
type
: The disposition type (always lower case). Example: 'attachment'
parameters
: An object of the parameters in the disposition (name of parameter
always lower case and extended versions replace non-extended versions). Example:
{filename: "€ rates.txt"}
var contentDisposition = require("content-disposition");
var destroy = require("destroy");
var fs = require("fs");
var http = require("http");
var onFinished = require("on-finished");
var filePath = "/path/to/public/plans.pdf";
http.createServer(function onRequest(req, res) {
// set headers
res.setHeader("Content-Type", "application/pdf");
res.setHeader("Content-Disposition", contentDisposition(filePath));
// send file
var stream = fs.createReadStream(filePath);
stream.pipe(res);
onFinished(res, function () {
destroy(stream);
});
});
$ npm test
FAQs
content-disposition rewrite with browser and Node.js support
The npm package content-disposition-header receives a total of 3,034 weekly downloads. As such, content-disposition-header popularity was classified as popular.
We found that content-disposition-header demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.