C# force download file - pity, that
Content-Disposition
In a regular HTTP response, the response header is a header indicating if the content is expected to be displayed inline in the browser, that is, as a Web page or as part of a Web page, or as an attachment, that is downloaded and saved locally.
In a body, the HTTP general header is a header that must be used on each subpart of a multipart body to give information about the field it applies to. The subpart is delimited by the boundary defined in the header. Used on the body itself, has no effect.
The header is defined in the larger context of MIME messages for e-mail, but only a subset of the possible parameters apply to HTTP forms and requests. Only the value , as well as the optional directive and , can be used in the HTTP context.
Syntax
As a response header for the main body
The first parameter in the HTTP context is either (default value, indicating it can be displayed inside the Web page, or as the Web page) or (indicating it should be downloaded; most browsers presenting a 'Save as' dialog, prefilled with the value of the parameters if present).
Content-Disposition: inline Content-Disposition: attachment Content-Disposition: attachment; filename="filename.jpg"Notes: Chrome, and Firefox 82 and later, prioritize the HTML <a> element's attribute over the parameter (for same-origin URLs). Earlier Firefox versions prioritize the header and will display the content inline.
As a header for a multipart body
A body requires a header to provide information for each subpart of the form (e.g. for every form field and any files that are part of field data). The first directive is always , and the header must also include a parameter to identify the relevant field. Additional directives are case-insensitive and have arguments that use quoted-string syntax after the sign. Multiple parameters are separated by a semi-colon ().
Content-Disposition: form-data; name="fieldName" Content-Disposition: form-data; name="fieldName"; filename="filename.jpg"Directives
- Is followed by a string containing the name of the HTML field in the form that the content of this subpart refers to. When dealing with multiple files in the same field (for example, the attribute of an element), there can be several subparts with the same name.
- A with a value of indicates that the part is not an HTML field, but the default charset to use for parts without explicit charset information.
- Is followed by a string containing the original name of the file transmitted. The filename is always optional and must not be used blindly by the application: path information should be stripped, and conversion to the server file system rules should be done. This parameter provides mostly indicative information. When used in combination with , it is used as the default filename for an eventual "Save As" dialog presented to the user.
The parameters and differ only in that uses the encoding defined in RFC 5987. When both and are present in a single header field value, is preferred over when both are understood.
The string following should always be put into quotes; but, for compatibility reasons, many browsers try to parse unquoted names that contain spaces.
Examples
A response triggering the "Save As" dialog:
200 OK Content-Type: text/html; charset=utf-8 Content-Disposition: attachment; filename="cool.html" Content-Length: 21 <HTML>Save me!</HTML>This simple HTML file will be saved as a regular download rather than displayed in the browser. Most browsers will propose to save it under the filename (by default).
An example of an HTML form posted using the format that makes use of the header:
POST /test.html HTTP/1.1 Host: example.org Content-Type: multipart/form-data;boundary="boundary" --boundary Content-Disposition: form-data; name="field1" value1 --boundary Content-Disposition: form-data; name="field2"; filename="example.txt" value2 --boundary--Specifications
Specification | Title |
---|---|
RFC 7578 | Returning Values from Forms: multipart/form-data |
RFC 6266 | Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) |
RFC 2183 | Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field |
Browser compatibility
Desktop | Mobile | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | Android webview | Chrome for Android | Firefox for Android | Opera for Android | Safari on iOS | Samsung Internet |
ChromeFull support Yes | EdgeFull support 12 | FirefoxFull support Yes
| IEFull support Yes | OperaFull support Yes | SafariFull support Yes | WebView AndroidFull support Yes | Chrome AndroidFull support Yes | Firefox AndroidFull support Yes
| Opera AndroidFull support Yes | Safari iOSFull support Yes | Samsung Internet AndroidFull support Yes |
Legend
- Full support
- Full support
- See implementation notes.
- See implementation notes.
Compatibility notes
- Firefox 5 handles the HTTP response header more effectively if both the and parameters are provided; it looks through all provided names, using the parameter if one is available, even if a parameter is included first. Previously, the first matching parameter would be used, thereby preventing a more appropriate name from being used. See bug 588781.
- Firefox 82 (and later) and Chrome prioritize the HTML <a> element's attribute over the parameter (for same-origin URLs). Earlier Firefox versions prioritize the header and will display the content inline.
-