Before you begin
To edit configuration files, you must use the IBM
® Application Server wsadmin client. See Starting the wsadmin client
for information about how to start the wsadmin command-line tool.
About this task
By default, the IBM
Connections server passes Files application files to browsers with the header "Content-Disposition: attachment." This means files display as attachments; when users click the attachment they are prompted to open or download the file. It also prevents embedding files. If you want to embed files in your own HTML page using an <embed> tag, the content disposition must be inline. This affects active content, such as Adobe
Flash (.swf), and HTML pages referenced with <iframe>.
Configure a property in files-config.xml
to change the content disposition from attachment to inline. Then set the inline
parameter to true
in your Files API download requests.
Important: Files uses the attachment disposition for security reasons. Specifically, uploaded files could potentially contain malicious code that can exploit the cross-site scripting vulnerabilities of some browsers. If you switch to inline disposition, you should configure an alternate domain download for greater security. See Mitigating a cross site scripting attack
Parent topic: Administering Files
Applying Files property changes
Mitigating a cross site scripting attack
Files configuration properties
- Start the wsadmin client.
- Start the Files Jython script interpreter.
- Use the following command to access the Files configuration files:
If you are asked to select a server, you can select any server.
- Check out the Files configuration files using the following command:
- working_directory is the temporary working directory to which the configuration XML and XSD files are copied. The files are kept in this working directory while you make changes to them.
Note: AIX® and Linux® only: The directory must grant write permissions or the command will not run successfully.
- cell_name is the name of the WebSphere Application Server cell hosting the IBM Connections application. This argument is required. If you do not know the cell name, you can determine it by typing the following command in the wsadmin command processor:
- Change the content disposition to inline using the following command:
- You must check the configuration files back in after making changes, and they must be checked in during the same wsadmin session in which they were checked out for the changes to take effect. See the topic Applying Files property changes for details.
- Set the inline parameter to true in your download requests, for example:
http://<host>:<port>/files/form/anonymous/api/library/<library ID>/document/<file ID>/media/<FileName>.<ext>?inline=true
See Downloading a file