In AEM 6.2 and 6.3, when we attempt to hit the static content such as (/content/site/static-page.html), it is treated as a binary download and does the same for all other file types(pdf,css, js, images) where response header shows Content-Disposition as an attachment.
In previous versions of AEM (6.1 and below), com.day.cq.dam.core.impl.servlet.SafeBinaryGetServlet was there to control response header to render page instead of download. However from 6.2, this component is deprecated and the reason is Apache Sling Content Disposition Filter(org.apache.sling.security.impl.ContentDispositionFilter) took precedence and an intended change made in product from AEM 6.2 onward and was introduced as part of Sling Security Fix.
Here we have steps to render static pages:
Apache Sling Content Disposition Filter Configuration where static files needs to be added to meet requirements.
Configuration can be reverted back to render static pages without adding it manually in OSGI by uncheck the checkbox(Enable Content Disposition for all paths) and the file would directly open in the browser instead of getting downloaded.
This is how static content can be hosted in JCR and renders in page.
There is a reason why this has been implemented that way in the product. It's security.
Of course you can turn it of. You are turning off a security feature of the product. Can you answer the question "are you sure what you are doing, are you aware of consequences and do you accept any negative outcome" with YES? Then go on.
I have not asked this as a question, instead posted this in forum.
We are using this as a security feature only.
I just wanted to add this as a comment to your tutorial, how to turn this security feature off.
Just in case someone reads it and thinks that this is a good idea without being aware of the consequences :-)