ORA File Uploads - Commas in filenames causes downloads to fail in Chrome

Description

See this discussion thread for example case.

Problem: Commas in filenames will cause downloads to break on Chrome.

Impact: A reviewer on Chrome will see an error page when trying to download a submitted file.

Workaround: Download from another browser.

Technical details: a file uploaded with name this-is-a-pdf,pdf.pdf will fail to download on Chrome with the error ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION, while other browsers ignore the issue.

Note: from a security standpoint we should also dig into whether this lets learners upload files of the wrong type (e.g. a .exe masquerading as a .pdf)

Steps to Reproduce

Upload a file to ORA with a comma in the filename. From Chrome, attempt to download the file by clicking the file link.

Current Behavior

User sees a Chrome error page, with the error ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION.

Expected Behavior

File downloads correctly.

Reason for Variance

Chrome (and possibly Chromium-based browsers) is more aggressive with error handling around this particular header.

Release Notes

None

User Impact Summary

None
Done

Assignee

Nathan Sprenkle

Reporter

Nathan Sprenkle

Labels

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Story Points

1

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Sprint

None

Priority

Unset