[whatwg] a rel=attachment

Ian Fette (イアンフェッティ) ifette at google.com
Fri Jul 15 14:32:54 PDT 2011

On Fri, Jul 15, 2011 at 1:15 PM, Julian Reschke <julian.reschke at gmx.de>wrote:

> On 2011-07-15 19:05, Ian Fette (イアンフェッティ) wrote:
>> ..
>>> It also doesn't naturally help understanding that it's just poor man's
>>> Content-Disposition:**attachment. From this point of view, I like Ian's
>>> original proposal (rel=attachment) more.
>> Yes and no - both are sort of a poor man's Content-Disposition :) The
>> question is whether we need to handle filename, and the proposal of
>> download=filename at least maps content-disposition fully and compactly.
>> ...
> Well, one difference is that C-D is under the control of the owner of the
> resource being linked to (ideally), while attributes set somewhere else
> might not.
> So there is a security-related aspect to this.
> Best regards, Julian

So, in the interest of making progress, what if we tried...


for same origin it's always downloaded (includes filesystem api from that
for cross-origin it's downloaded if we get a positive CORS response and/or
we get a content-disposition attachment
for cross-origin if we don't get positive CORS response OR
content-disposition:attachment we don't download

We can always start conservative and broaden out.


More information about the whatwg mailing list