fix: add RFC 5987 filename* encoding for non-attr-char characters#606
fix: add RFC 5987 filename* encoding for non-attr-char characters#606abhu85 wants to merge 1 commit into
Conversation
When filenames contain characters outside the RFC 5987 attr-char set (such as parentheses, spaces, or non-ASCII characters), servers like .NET 8 reject the Content-Disposition header. Add a properly encoded filename* parameter alongside the existing filename parameter per RFC 6266 / RFC 5987. The simple filename is preserved for backward compatibility, while filename* provides the standards-compliant percent-encoded form. Characters in the attr-char set (ALPHA / DIGIT / "!" / "#" / "$" / "&" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~") are left unencoded; everything else is percent-encoded from its UTF-8 bytes. Fixes form-data#572
|
Your test case uses APIs that aren't available in the browser. What do browsers do here? Can you modify the test case so it only uses HTML's FormData API? |
|
The test follows the same pattern as all other integration tests in this repo (e.g., Regarding browser behavior: the native browser That said — if you'd prefer the test validate against an actual HTTP server round-trip (like |
|
I think it's fine to have the test case as-is; i was mainly looking for something i could run in node and browsers to check what the global FormData does, and in which node version it changed (assuming that's the explanation for the difference here). |
|
Tested Node.js native Node's native Browser behavior differs: Chrome/Firefox emit So neither Node native nor browsers add This isn't a behavior Node changed at a specific version — Node's native FormData (added in v18 behind a flag, stable in v20+) has always only emitted |
Summary
filename*parameter to Content-Disposition headers when filenames contain characters outside the attr-char setfilenameparameter for backward compatibilityProblem
When filenames contain characters like parentheses — which are RFC 2616 separators and not in the RFC 5987
attr-charset — some servers (notably .NET 8) reject the Content-Disposition header with: "Form section has invalid Content-Disposition value".Before:
After (when filename contains non-attr-char characters):
The simple
filenameis preserved for backward compatibility;filename*provides the standards-compliant RFC 5987 encoded form. Per RFC 6266,filename*takes precedence when both are present.Solution
FormData.NON_ATTR_CHAR_RE— regex matching characters outside RFC 5987 attr-charFormData._rfc5987Encode()— percent-encodes non-attr-char bytes from UTF-8 representation_getContentDisposition()to return bothfilenameandfilename*when the filename contains non-attr-char charactersfilenameis returned)Test Plan
test-rfc5987-filename-encoding.js:file(1).txt)my file.txt)café.txt→%C3%A9)filename*added)filename*added)🎉→%F0%9F%8E%89)Compatibility
filenameparameter preservedfilename*only added when needed (non-attr-char characters present)Fixes #572