Re: HTTP header suggestion/request

On Thu, 7 Nov 1996, MegaZone wrote:

> I would like to suggest a new header for HTTP/1.1:
> Save-As:
> A CGI application could return this header with a file name (and possibly
> path, although that has security implications - Save-As: /etc/passwd for
> instance.  Though it would fail on a well maintained system, it is still a
> risk) which would be used by the user agent instead of the script name for
> saving.

The risk could be minimized by not allowing path information in the
value. The UA would 'know' the root path or prompt the user..

> I would have a number of uses for this tag, and I've seen numerous sites
> that have the same aplication.  I think this would be a very useful addition.

Depending on your server and the ability it may have to map request URLs
to cgi scripts, it may be possible to include a realistic file name
as part of the URL ... for example, we use a url of the form:


to convince the UA to save the data under the name zwexport.zwe but the
'script name' is 'export' and the remainder of the path is simply
arguments to the script. The server that does this is the user
interface server built into ZooWorks so we own the server and 
the exact options for other servers are not something I've studied.

Dave Morris

Received on Friday, 8 November 1996 00:28:54 UTC