Closed
Description
Ryan Kaltreider opened SPR-13647 and commented
given the following urls
/users/[email protected] - Adds Content-Disposition f.txt
/users/[email protected]/ - functions as expected.
Controller Request Mapping is ```
/users/{userId}
These urls both function as expected in 4.2.1
Please let me know if you need any other info. In my mvc config i have suffix matching set to false.
Affects: 4.2.2
Issue Links:
- Content-Disposition header causes download in browser for Spring Boot Actuator endpoints [SPR-13587] #18164 Content-Disposition header causes download in browser for Spring Boot Actuator endpoints ("duplicates")
- Protect against RFD exploits [SPR-13548] #18124 Protect against RFD exploits