I'm dealing with an issue with the Content-Disposition header for the request that downloads a file with a name that uses non ASCII characters. In theory, according to RFC 6266 https://datatracker.ietf.org/doc/html/rfc6266#section-4.3 it's possible to use non ASCII characters if we specify the encoding used (in this case UTF-8), like this https://datatracker.ietf.org/doc/html/rfc6266#section-5
Direct the UA to show "save as" dialog, with a filename containing the Unicode character U+20AC (EURO SIGN):
Content-Disposition: attachment; filename*=UTF-8''%e2%82%ac%20rates
And according to these tests Chrome is supposed to support this: http://test.greenbytes.de/tech/tc2231/#attwithfn2231utf8
However, when I specify this encoding using the class ContentDisposition.java of Spring like this:
ContentDisposition contentDisposition = ContentDisposition.attachment()
.filename(fileName, UTF_8)
.build();
// Adding some headers for security: https://www.owasp.org/index.php/Unrestricted_File_Upload
response.setHeader(HttpHeaders.CONTENT_DISPOSITION, contentDisposition + ";");
response.setHeader(com.google.common.net.HttpHeaders.X_CONTENT_TYPE_OPTIONS, X_CONTENT_TYPE_OPTIONS_NOSNIFF);
contentDisposition gets converted to:
attachment; filename*=UTF8''%D0%A0%D0%B5%D0%B7%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D1%82%D1%8B_%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F_%D1%83%D1%87%D0%B5%D0%B1%D0%BD%D1%8B%D1%85_%D0%B4%D0%B0%D0%BD%D0%BD%D1%8B%D1%85.docx;
Where '%D0%A0%D0%B5%D0%B7%...' is the encoded filename that uses Cyrillic characters.
When I download the attachment it downloads it with the name "ttachment; filename_=UTF-8''%D0%A0%D0%B5%D0%B7%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D1%82%D1%8B_%D0%BE%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F_%D1%83%D1%87%D0%B5%D0%B1%D0%BD%D1%8B%D1%85_%D0%B4%D0%B0%D0%BD%D0%BD%D1%8B%D1%85.docx"
Which means that for some reason the browser is not parsing the filename specified in the content disposition header.
I've tried Chrome 121, Firefox 122 and MS Edge 121 with the same result.
What I am missing?