[whatwg] Forcing a download

Jonas Sicking jonas at sicking.cc
Fri Jul 22 14:03:12 PDT 2011 

On Thu, Jul 21, 2011 at 11:58 PM, Ian Hickson <ian at hixie.ch> wrote:
> Is there any reason to use CORS here at all? It seems like the simpler
> solution would be the following:
>
>  - If download="" is set, then by default trigger a download rather than a
>   navigation action. (User can override via context menu.)
>  - Pick a filename for the download as follows:
>   - if the received resource has a Content-Disposition: attachment header
>     that specifies a filename, use that.
>   - otherwise, if the received resource has a Content-Disposition header
>     that specifies a filename, and the resource is same-origin, use that
>     filename.
>   - otherwise, if the received resource is same-origin and the
>     download="" attribute specifies a filename, use that.
>   - otherwise, if the received resource has a Content-Disposition:
>     attachment header and the download="" attribute specifies a filename,
>     use the filename from the attribute.
>   - otherwise, if the received resource is same-origin then derive a
>     filename from the resource.
>   - otherwise, either abort or alert the user that a file is being
>     downloaded from a different origin and prompt for a filename.
>  - If a mapping from the MIME type to an extension is known, but the
>   filename doesn't have that extension, add it.
>
> This is what I've used for now (modulo some allowances for user
> interfaces), but I welcome suggests for changing this.

The "otherwise, either abort or alert the user that a file is being
downloaded from a different origin and prompt for a filename" step
seems to allow to *very* different browser behaviors, resulting in a
site working in one browser, but not in another.

I'm still trying to find a date when we can do a security review about
this in mozilla though. It still does seem very strange to me that a
bank site which sends "cache-control: no-store" for a resource in
order to prevent it from being temporarily stored on the users hard
drive, can still end up being *permanently* stored on a users hard
drive. All that's needed is for the user to click a 'yes' button on a
download dialog while watching a seemingly harmless site.

/ Jonas

More information about the whatwg mailing list