W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1996

Re: HTTP header suggestion/request

From: Lou Montulli <montulli@netscape.com>
Date: Fri, 08 Nov 1996 11:05:40 -0800
Message-Id: <32838484.4287@netscape.com>
To: MegaZone <megazone@livingston.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
MegaZone wrote:
> 
> I've noticed more and more software vendors using CGI applications to allow
> users to download software.  Unfortuately at this time there isn't a way
> to tell user-agents to save the code under a name other than the script name.
> This problematic especially when there is more than one selection on a form.
> 
> I would like to suggest a new header for HTTP/1.1:
> Save-As:
> 
> A CGI application could return this header with a file name (and possibly
> path, although that has security implications - Save-As: /etc/passwd for
> instance.  Though it would fail on a well maintained system, it is still a
> risk) which would be used by the user agent instead of the script name for
> saving.
> 
> I would have a number of uses for this tag, and I've seen numerous sites
> that have the same aplication.  I think this would be a very useful addition.
> 

There is a solution that should already serve your purpose.

The Content-disposition header can contain a "filename"
parameter for naming a file.  When the Navigator sees this
parameter it will use it as a default filename for saving.

The following use should work when returned from a CGI script:

Content-disposition: file; filename=foo.exe

The Navigator only uses the filename parameter, everything
else in the header is currently ignored.

The Content-disposition header is also used in HTTP file upload
and is documented in Larry Masinter's RFC on file upload.

:lou
-- 
Lou Montulli                 http://www.netscape.com/people/montulli/
       Netscape Communications Corp.
Received on Friday, 8 November 1996 11:19:58 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:16 EDT