nodejs · mohithbunny · May 10, 2025 · jasnell · May 12, 2025 · mohithbunny
diff --git a/lib/_http_outgoing.js b/lib/_http_outgoing.js
@@ -635,6 +635,19 @@ function parseUniqueHeadersOption(headers) {
 
   return unique;
 }
+function maybeEncodeFilenameHeader(value) {
+  const filenameMatch = value.match(/filename="(.+?)"/);
+  if (!filenameMatch) return value;
+
+  const filename = filenameMatch[1];
+  if (/^[\x00-\x7F]*$/.test(filename)) {
+    // ASCII only — no need to encode
+    return value;
+  }
+
+  const encoded = encodeURIComponent(filename);
+  return `attachment; filename*=UTF-8''${encoded}`;
+}
 
 OutgoingMessage.prototype.setHeader = function setHeader(name, value) {
   if (this._header) {
@@ -646,6 +659,9 @@ OutgoingMessage.prototype.setHeader = function setHeader(name, value) {
   let headers = this[kOutHeaders];
   if (headers === null)
     this[kOutHeaders] = headers = { __proto__: null };
+if (name.toLowerCase() === 'content-disposition') {
+  value = maybeEncodeFilenameHeader(value);
+}
 
   headers[name.toLowerCase()] = [name, value];
   return this;