Artifacts stored on S3 do not follow the "Allow artifacts to be embedded in Bamboo pages" security setting and hardcode the content-disposition as "attachment"

Problem

Bamboo allows customers to bypass security settings and permit inline content by setting the Allow artifacts to be embedded in Bamboo pages property under Security settings. This feature works well for "local" artifacts, but whenever an S3 Artifact handler is used, download links are always presented with a content-disposition=attachment URL, regardless of the file's MIME type. This metadata forces the browser to always download the content, instead of exposing it directly on the page.

Environment

• Bamboo DC

Steps to Reproduce

1. Set Allow artifacts to be embedded in Bamboo pages as enabled or disabled, it doesn't matter
2. Generate an artifact with a "txt", "html", or a "jpeg/png" image and store it using an S3 Artifact handler
3. Locate the artifact, hover the mouse on the link and notice the value of the response-content-disposition property in the URL
4. Click on the link

Expected Results

1. In case Allow artifacts to be embedded in Bamboo pages is set and the object's MIME type starts with image, text, or is application/xml, the browser should render it directly on the page

Actual Results

All files are downloaded

Workaround

Temporarily use a browser plugin such as https://modheader.com to override the content-disposition value and set it to inline when connecting to the S3 bucket.

Notes