[whatwg] Priority between <a download> and content-disposition

Michal Zalewski lcamtuf at coredump.cx
Mon Mar 18 10:00:40 PDT 2013

> Downloads are associated with the site the link is on, not the domain the
> resource is served from.  If users click a download link and the file comes
> from s3.amazonaws.com, they didn't come from Amazon; they came from your
> page.

I don't believe that's the case in most browser UIs. In fact, I don't
think it should be. For example, if I search for something on
google.com, and this takes me to a page that serves Content-Disposition:
attachment; filename="impotant_google_update.exe", we don't want to
imply that Google endorsed that, right?


