本文介绍了在Jasperreports中从服务器接收多个不同的Content-Disposition标头的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试设置内容处理标头以响应servlet,但我在浏览器中收到此错误。我该怎么办?

I'm trying to set content-disposition header in response of servlet, but i get this error in browser. What should i do?

来自服务器
的响应包含重复的标头。此问题通常是
配置错误的网站或代理的结果。只有网站或代理
管理员才能解决此问题。

The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.

错误349(net :: ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION):收到多个
不同的Content-Disposition标头。这是不允许
防止HTTP响应分裂攻击。

Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple distinct Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.

这里我的servlet控制器:

Here my servlet controller:

@RequestMapping("/**/paymentOrderReport.pdf")
public class PaymentOrderReportViewController extends org.springframework.web.servlet.mvc.AbstractController {

    private PaymentDao paymentDao;
    private JasperPdfView pdfView;

    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {

        response.setContentType("application/pdf");
        response.setHeader("Content-disposition", "attachment; filename=" + "report.pdf");

        PaymentOrderEntity paymentOrderEntity = null;
        String traceCode = request.getParameter(ParamConstants.TRACE_CODE);

        if (traceCode != null) {
            PaymentSheetRequestEntity payRequestEntity = paymentDao.loadByUniqueProperty(PaymentSheetRequestEntity.PROP_TRACE_CODE,
                    traceCode);
            if (payRequestEntity != null) {
                paymentOrderEntity = payRequestEntity.getPaymentOrder();
            }
        }

        if (paymentOrderEntity != null) {
            List<PaymentOrderEntity> result = new ArrayList<PaymentOrderEntity>();
            result.add(paymentOrderEntity);
            JRDataSource jrDataSource = new JRBeanCollectionDataSource(result);

            Map<String, Object> model = new HashMap<String, Object>();
            model.put("reportData", jrDataSource);

            return new ModelAndView(pdfView, model);
        }
        return null;
    }

    public void setPaymentDao(PaymentDao paymentDao) {
        this.paymentDao = paymentDao;
    }

    public void setPdfView(JasperPdfView pdfView) {
        this.pdfView = pdfView;
    }
}

和JasperPdfView类:

And JasperPdfView Class:

public class JasperPdfView extends AbstractJasperReportsView {

    @Override
    protected void renderReport(JasperPrint populatedReport, Map<String, Object> model, HttpServletResponse response) throws Exception {
        JRPdfExporter jrPdfExporter = new JRPdfExporter();
        if (getConvertedExporterParameters() != null) {
            jrPdfExporter.setParameters(getConvertedExporterParameters());
        }
        jrPdfExporter.setParameter(JRExporterParameter.JASPER_PRINT, populatedReport);
        jrPdfExporter.setParameter(JRExporterParameter.OUTPUT_STREAM, response.getOutputStream());
        jrPdfExporter.exportReport();
    }

}


推荐答案

如果您要下载文件名中包含逗号的文件,则Google Chrome可能会显示此错误消息。你真的只使用report.pdf作为文件名吗?

Google Chrome might display this error message if you are downloading a file which has a comma in the file name. Were you really using just "report.pdf" as filename?

阅读 Content-Disposition标头(不属于HTTP规范本身)不应包含逗号字符,因为它将被视为两个分隔符不同的标题。

Having read the HTTP specs the Content-Disposition header (which is not part of the HTTP spec itself) should not include a comma character, because it will be treated as a separator for two different headers.

因此,如果您的文件名是报告,May2014.pdf然后Chrome解释

So if your filename were report,May2014.pdf then Chrome interprets

内容 - 处置:附件; filename = report,May2014.pdf

作为同一http消息头的两个值

as two values for the same http message header

内容 - 处置:附件; filename = report

Content-Disposition:May2014.pdf

反过来被解释为,可能是因为应该实际上在单个HTTP响应中没有多个Content-Disposition标头值。

which in turn is interpreted as a HTTP response splitting attack, probably because there shall actually be no multiple Content-Disposition header values in a single HTTP response.

其他浏览器似乎不介意文件名中的逗号。

Other browsers does not seem to mind the comma in the file name.

这篇关于在Jasperreports中从服务器接收多个不同的Content-Disposition标头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-15 02:20