From 8f976f726408fd222c11c3e6ef830395a5069e3e Mon Sep 17 00:00:00 2001
From: Andrew Powers-Holmes <aholmes@omnom.net>
Date: Sun, 10 Dec 2023 21:46:11 +1100
Subject: [PATCH] Add workaround for noncompliant Content-Disposition headers.

Despite it not being allowed by RFC 6266, many servers send
`Content-Disposition` headers with a trailing `;`, including several major
content distribution networks. Add a check for a trailing semicolon in
`parse_content_disposition()` which will log a message at INFO level
for each offending URL and ignore the `;`.
---
 src/util.cc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/util.cc b/src/util.cc
index 07502c0e..a66a5eed 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -1245,6 +1245,16 @@ ssize_t parse_content_disposition(char* dest, size_t destlen,
   *charsetp = nullptr;
   *charsetlenp = 0;
 
+  /*
+   * Ignore trailing ';' in Content-Disposition header; this is not
+   * compliant with RFC 6266, but many servers send it anyway (e.g. CloudFront)
+   */
+  if (len > 0 && *eop == ';') {
+    A2_LOG_INFO("Non-compliant Content-Disposition header (trailing ';') - "
+                "will ignore it");
+    eop--;
+  }
+
   for (; p != eop; ++p) {
     switch (state) {
     case CD_BEFORE_DISPOSITION_TYPE: