The HTTP Content-Disposition header is used to instruct the client as to how the information is displayed in a regular or multipart HTTP response.
In a standard HTTP response, the Content-Disposition header dictates whether the content is displayed in the browser or, instead, made available as an attachment to be downloaded to local storage.
When the HTTP response has a body of type
multipart/form-data, this HTTP header is required to provide information about the subpart that it pertains to. The subpart is delimited by the boundary that is defined in the HTTP Content-Type header. The Content-Disposition does not affect the body of the HTTP response.
The parameters for a regular HTTP response are
filename. Multiple directives are delimited by a semicolon.
inline directive will direct the client’s browser to display the content as a web page, or as part of a web page.
Content-Disposition: attachment Content-Disposition: attachment; filename="document.doc"
These are two examples of this HTTP header that will, in many implementations, present the user with an option to save the attachment to local storage. In the second example, the filename "document.doc" will be the default filename in a "Save as…" dialog.
Multipart Response Body
In a multipart body, where the HTTP Content-Disposition header is responsible for providing information about each subpart, the directives are
form-data directive is first and the
name directive is required to identify the field in question. Multiple directives are delimited by a semicolon.
Content-Disposition: form-data; name="<field-name>"
When the response contains multiple files in the same field, it is possible to have several subparts with the same name. This can happen, for example, with the
multiple attribute on an input form.
name directive has a value of
_CHARSET_ then it is not part of the HTML field. Rather, it is the default character set that is to be used for parts where one is not explicitly defined.
filename* directives are identical except that
filename* uses the encoding specified in RFC 8187. If both directives are present in the header then the
filename* is given priority.
The HTTP Content-Disposition header directs the client in terms of whether the HTTP response is displayed in the browser or saved in local storage. For
multipart/form-data, it provides the necessary information about the sub-parts of the message.