Leading by Example

Sometimes you just want to reach across the Net with your Mighty Clue-by-Four and revise all incorrect, or partial, examples in one fell swoop.

Here’s one. O’Reilly offers some enterprise best practices for Java developers, and in this sage advice on using Content-Disposition:, they suggest the following.

// Set the headers.
res.setContentType("application/x-download");
res.setHeader("Content-Disposition", "attachment; filename=" + filename);

// Send the file.
OutputStream out = res.getOutputStream(  );
returnFile(filename, out);  // Shown earlier in the chapter

No! Not + filename! The filename may contain spaces and other special characters, and in the ASCII case the value of filename= has to be either a token or a quoted string. A raw name with a space in it is neither.

But these are “enterprise” recommendations, so why should I be surprised?
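An added example, not from the O'Reilly text or the original post, of building the header value instead of concatenating: a bare token when the name allows it, otherwise a quoted string with escaping. It goes beyond the ASCII case by also emitting the RFC 6266 filename*= form for non-ASCII names; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;

public final class ContentDisposition {   // hypothetical helper, not from the page
    // Non-alphanumeric characters allowed in an HTTP token (RFC 7230 tchar).
    private static final String TCHAR = "!#$%&'*+-.^_`|~";
    // Non-alphanumeric characters allowed unencoded in filename*= (RFC 5987 attr-char).
    private static final String ATTR_CHAR = "!#$&+-.^_`|~";

    private static boolean isAlnum(int c) {
        return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
    }

    /** Returns a Content-Disposition value for downloading a file under the given name. */
    public static String attachment(String filename) {
        // Drop ASCII control characters so CR/LF can never reach the header line.
        String clean = filename.replaceAll("\\p{Cntrl}", "");
        StringBuilder ascii = new StringBuilder();
        boolean token = !clean.isEmpty();
        boolean needsExt = false;
        for (int i = 0; i < clean.length(); i++) {
            char ch = clean.charAt(i);
            if (ch > 0x7E) {                 // non-ASCII: placeholder in the fallback
                ascii.append('_');
                needsExt = true;
                continue;
            }
            if (ch == '"' || ch == '\\') ascii.append('\\');   // quoted-pair escaping
            if (!isAlnum(ch) && TCHAR.indexOf(ch) < 0) token = false;
            ascii.append(ch);
        }
        StringBuilder value = new StringBuilder("attachment; filename=");
        if (token) value.append(ascii);
        else value.append('"').append(ascii).append('"');
        if (needsExt) {                      // RFC 6266 filename*= carries the real name
            value.append("; filename*=UTF-8''");
            for (byte b : clean.getBytes(StandardCharsets.UTF_8)) {
                int c = b & 0xFF;
                if (isAlnum(c) || ATTR_CHAR.indexOf(c) >= 0) value.append((char) c);
                else value.append(String.format("%%%02X", c));
            }
        }
        return value.toString();
    }

    public static void main(String[] args) {
        // Constructed sample names.
        String[] samples = {"report.pdf", "Q3 report (final).pdf", "a\"b.txt", "r\u00e9sum\u00e9.pdf"};
        for (String s : samples) System.out.println(attachment(s));
    }
}
```

In the servlet above, the second argument to res.setHeader would become ContentDisposition.attachment(filename).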