W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

Re: [whatwg] Priority between <a download> and content-disposition

From: Glenn Maynard <glenn@zewt.org>
Date: Mon, 18 Mar 2013 09:05:52 -0500
Message-ID: <CABirCh_o-QoqLKKhvhb2ryZ3jKJkXZfXuuEJrgWBt5=vOY1hYw@mail.gmail.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Cc: WHAT Working Group <whatwg@whatwg.org>, Jonas Sicking <jonas@sicking.cc>
On Mon, Mar 18, 2013 at 7:50 AM, Bjoern Hoehrmann <derhoermi@gmx.net>wrote:

> >However I don't think we can expect people to indicate
> >"Content-Disposition: inline" in order to protect resources. Nor do I
> >think that simply using a different filename is going to meaningfully
> >protect downloaded content. So I think a stronger UI warning is needed
> >in this scenario.
>
> I am not sure what you are referring to here, could you elaborate?
>

People were concerned that there might be security problems with forcing a
download and/or offering a specific filename.  Making a C-D: inline header
override @download might alleviate that.  I agree that if it's actually a
problem, then this doesn't seem like a good solution.

I can't recall any compelling arguments that a security issue exists,
though.

-- 
Glenn Maynard
Received on Monday, 18 March 2013 14:06:21 GMT

This archive was generated by hypermail 2.3.1 : Monday, 18 March 2013 14:06:21 GMT