[whatwg] a rel=attachment

Ian Fette (イアンフェッティ) ifette at google.com
Fri Jul 15 14:32:54 PDT 2011


On Fri, Jul 15, 2011 at 1:15 PM, Julian Reschke <julian.reschke at gmx.de>wrote:

> On 2011-07-15 19:05, Ian Fette (イアンフェッティ) wrote:
>
>> ..
>>
>>> It also doesn't naturally help understanding that it's just poor man's
>>> Content-Disposition:**attachment. From this point of view, I like Ian's
>>> original proposal (rel=attachment) more.
>>>
>>>
>> Yes and no - both are sort of a poor man's Content-Disposition :) The
>> question is whether we need to handle filename, and the proposal of
>> download=filename at least maps content-disposition fully and compactly.
>> ...
>>
>
> Well, one difference is that C-D is under the control of the owner of the
> resource being linked to (ideally), while attributes set somewhere else
> might not.
>
> So there is a security-related aspect to this.
>
> Best regards, Julian
>

So, in the interest of making progress, what if we tried...

download=filename

for same origin it's always downloaded (includes filesystem api from that
origin)
for cross-origin it's downloaded if we get a positive CORS response and/or
we get a content-disposition attachment
for cross-origin if we don't get positive CORS response OR
content-disposition:attachment we don't download

We can always start conservative and broaden out.

-Ian


More information about the whatwg mailing list