java - 在 Jasperreports 中从服务器接收到多个不同的 Content-Disposition header

标签 java servlets http-headers jasper-reports

我正在尝试设置内容处置 header 以响应 servlet,但我在浏览器中收到此错误。我该怎么办?

Duplicate headers received from server

The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.

Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple distinct Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.

这是我的 servlet Controller :

@RequestMapping("/**/paymentOrderReport.pdf")
public class PaymentOrderReportViewController extends org.springframework.web.servlet.mvc.AbstractController {
    
    private PaymentDao paymentDao;
    private JasperPdfView pdfView;

    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {

        response.setContentType("application/pdf");
        response.setHeader("Content-disposition", "attachment; filename=" + "report.pdf");

        PaymentOrderEntity paymentOrderEntity = null;
        String traceCode = request.getParameter(ParamConstants.TRACE_CODE);

        if (traceCode != null) {
            PaymentSheetRequestEntity payRequestEntity = paymentDao.loadByUniqueProperty(PaymentSheetRequestEntity.PROP_TRACE_CODE,
                    traceCode);
            if (payRequestEntity != null) {
                paymentOrderEntity = payRequestEntity.getPaymentOrder();
            }
        }

        if (paymentOrderEntity != null) {
            List<PaymentOrderEntity> result = new ArrayList<PaymentOrderEntity>();
            result.add(paymentOrderEntity);
            JRDataSource jrDataSource = new JRBeanCollectionDataSource(result);

            Map<String, Object> model = new HashMap<String, Object>();
            model.put("reportData", jrDataSource);

            return new ModelAndView(pdfView, model);
        }
        return null;
    }
    
    public void setPaymentDao(PaymentDao paymentDao) {
        this.paymentDao = paymentDao;
    }

    public void setPdfView(JasperPdfView pdfView) {
        this.pdfView = pdfView;
    }
}

和 JasperPdfView 类:

public class JasperPdfView extends AbstractJasperReportsView {
    
    @Override
    protected void renderReport(JasperPrint populatedReport, Map<String, Object> model, HttpServletResponse response) throws Exception {
        JRPdfExporter jrPdfExporter = new JRPdfExporter();
        if (getConvertedExporterParameters() != null) {
            jrPdfExporter.setParameters(getConvertedExporterParameters());
        }
        jrPdfExporter.setParameter(JRExporterParameter.JASPER_PRINT, populatedReport);
        jrPdfExporter.setParameter(JRExporterParameter.OUTPUT_STREAM, response.getOutputStream());
        jrPdfExporter.exportReport();
    }
    
}

最佳答案

如果您正在下载文件名中包含逗号的文件,谷歌浏览器可能会显示此错误消息。您真的只使用“report.pdf”作为文件名吗?

已阅读 HTTP specs Content-Disposition header (不是 HTTP 规范本身的一部分)不应包含逗号字符,因为它将被视为两个不同 header 的分隔符。

Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message, by appending each subsequent field-value to the first, each separated by a comma.

因此,如果您的文件名是 report,May2014.pdf,那么 Chrome 会解释

内容配置:附件; filename=report,May2014.pdf

作为同一个 http 消息头的两个值

内容配置:附件;文件名=报告

Content-Disposition: May2014.pdf

这又被解释为 HTTP response splitting attack ,可能是因为在单个 HTTP 响应中实际上不应有多个 Content-Disposition header 值。

其他浏览器似乎并不介意文件名中的逗号。

关于java - 在 Jasperreports 中从服务器接收到多个不同的 Content-Disposition header ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15599618/

相关文章:

java - Rxjava 为什么 Schedulers.trampoline() 命名为 'trampoline' ?

java - 原始 Servlet 与 Spring MVC

python - 如何停止 HTTP(以及 rfc822、电子邮件) header 注入(inject)?

jquery - $.getJSON 请求上没有 'Access-Control-Allow-Origin' header

php - 检查是否从 iOS 设备访问 PHP 页面

java - 调用另一个类时出现 NoSuchElementException

java - Thread#join() 是否让其他线程通过同步块(synchronized block)?

java - ArrayList removeAll() 不删除对象

javascript - 我在 jsp 中有一个表,有 5 行和 3 列,我想在 servlet 中打印它,我该怎么做?

java - 如何在java中获取字符串数组中的所有下拉值?