[whatwg] Priority between <a download> and content-disposition
Glenn Maynard
glenn at zewt.org
Mon Mar 18 07:05:52 PDT 2013
On Mon, Mar 18, 2013 at 7:50 AM, Bjoern Hoehrmann <derhoermi at gmx.net>wrote:
> >However I don't think we can expect people to indicate
> >"Content-Disposition: inline" in order to protect resources. Nor do I
> >think that simply using a different filename is going to meaningfully
> >protect downloaded content. So I think a stronger UI warning is needed
> >in this scenario.
>
> I am not sure what you are referring to here, could you elaborate?
>
People were concerned that there might be security problems with forcing a
download and/or offering a specific filename. Making a C-D: inline header
override @download might alleviate that. I agree that if it's actually a
problem, then this doesn't seem like a good solution.
I can't recall any compelling arguments that a security issue exists,
though.
--
Glenn Maynard
More information about the whatwg
mailing list