If Content-disposition is not safe to use, what can we use instead?

Question

I've read here that using content-disposition has security issues and is not part of the http standard. If content-disposition, what can we use instead?

I've also searched the list of all response fields categorized whether it is part of the standard or not and I've not seen a response field that can be used to replace content-disposition.

If you need it, you need it. – user2864740 May 05 '16 at 04:05 — user2864740, May 05 '16 at 04:05

score 0 · Accepted Answer · answered May 05 '16 at 07:46

Well, the information about not being a standard is incorrect - see https://greenbytes.de/tech/webdav/rfc6266.html and http://www.iana.org/assignments/message-headers/message-headers.xhtml (note that Wikipedia is entirely irrelevant with respect to this).

If Content-disposition is not safe to use, what can we use instead?

1 Answers1