6. Internationalization Considerations

The "filename*" parameter (Section 4.3), using the encoding defined in [RFC5987], allows the server to transmit characters outside the ISO-8859-1 character set, and also to optionally specify the language in use.

Future parameters might also require internationalization, in which case the same encoding can be used.

7. Security Considerations

Using server-supplied information for constructing local filenames introduces many risks. These are summarized in Section 4.3.

Furthermore, implementers ought to be aware of the security considerations applying to HTTP (see Section 15 of [RFC2616]), and also the parameter encoding defined in [RFC5987] (see Section 5).

8. IANA Considerations

8.1. Registry for Disposition Values and Parameters

This specification does not introduce any changes to the registration procedures for disposition values and parameters that are defined in Section 9 of [RFC2183].

8.2. Header Field Registration

This document updates the definition of the Content-Disposition HTTP header field in the permanent HTTP header field registry (see [RFC3864]).

Header field name: Content-Disposition

Applicable protocol: http

Status: standard

Author/Change controller: IETF

Specification document: this specification (Section 4)

Related information: none

9. Acknowledgements

Thanks to Adam Barth, Rolf Eike Beer, Stewart Bryant, Bjoern Hoehrmann, Alfred Hoenes, Roar Lauritzsen, Alexey Melnikov, Henrik Nordstrom, and Mark Nottingham for their valuable feedback.

7. Security Considerations

8. IANA Considerations

8.1. Registry for Disposition Values and Parameters​

8.2. Header Field Registration​

9. Acknowledgements

8.1. Registry for Disposition Values and Parameters

8.2. Header Field Registration