✨ [#75] Offer metadata as file for download

Using Content-Disposition attachment offers the file for download to the client rather than viewing it inline. The actual reason the dislaying was botched was because of the content security policy which blocked styles (not sure how that works). However, if that were to be addressed, it leaves the certificate data newlines being displayed as spaces, still producing content that is not ready to copy-and-paste, so downloading a file is the best option.
maykinmedia · Jul 17, 2024 · 85b52f9 · 85b52f9
1 parent 0189ace
commit 85b52f9
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/digid_eherkenning/metadata_urls.py b/digid_eherkenning/metadata_urls.py
@@ -16,6 +16,7 @@
         MetadataView.as_view(
             config_model=DigidConfiguration,
             metadata_generator=generate_digid_metadata,
+            filename="digid-metadata.xml",
         ),
         name="digid",
     ),
@@ -24,6 +25,7 @@
         MetadataView.as_view(
             config_model=EherkenningConfiguration,
             metadata_generator=generate_eherkenning_metadata,
+            filename="eh-metadata.xml",
         ),
         name="eherkenning",
     ),
@@ -32,6 +34,7 @@
         MetadataView.as_view(
             config_model=EherkenningConfiguration,
             metadata_generator=generate_dienst_catalogus_metadata,
+            filename="dienstcatalogus.xml",
         ),
         name="eh-dienstcatalogus",
     ),

diff --git a/digid_eherkenning/saml2/digid.py b/digid_eherkenning/saml2/digid.py
@@ -12,7 +12,7 @@ def generate_digid_metadata() -> bytes:
     client.saml2_setting_kwargs = {"sp_validation_only": True}
     metadata = client.create_metadata()
     return (
-        b"<?xml version='1.0' encoding='UTF-8'?>" + metadata
+        b'<?xml version="1.0" encoding="UTF-8"?>\n' + metadata
         if not metadata.startswith(b"<?xml")
         else metadata
     )

diff --git a/digid_eherkenning/saml2/eherkenning.py b/digid_eherkenning/saml2/eherkenning.py
@@ -62,7 +62,7 @@ def generate_eherkenning_metadata():
     client.saml2_setting_kwargs = {"sp_validation_only": True}
     metadata = client.create_metadata()
     return (
-        b'<?xml version="1.0" encoding="UTF-8"?>' + metadata
+        b'<?xml version="1.0" encoding="UTF-8"?>\n' + metadata
         if not metadata.startswith(b"<?xml")
         else metadata
     )

diff --git a/digid_eherkenning/views/metadata.py b/digid_eherkenning/views/metadata.py
@@ -15,6 +15,7 @@
 class MetadataView(View):
     config_model: Type[BaseConfiguration] = BaseConfiguration
     metadata_generator: Callable[[], bytes] = lambda: b""
+    filename: str = "metadata.xml"
 
     def get(self, request: HttpRequest) -> HttpResponseBase:
         config = self.config_model.get_solo()
@@ -43,7 +44,15 @@ def get(self, request: HttpRequest) -> HttpResponseBase:
                 },
             )
             return self._get_generic_error_response()
-        return HttpResponse(metadata, content_type="text/xml")
+        # RFC 6266, 4.1, and RFC 2616 Section 2.2
+        sanitized_filename = self.filename.replace('"', r"\"")
+        return HttpResponse(
+            metadata,
+            content_type="text/xml",
+            headers={
+                "Content-Disposition": f'attachment; filename="{sanitized_filename}"',
+            },
+        )
 
     @staticmethod
     def _get_generic_error_response() -> HttpResponseBadRequest: