W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 1996

Re: HTTP header suggestion/request

From: David W. Morris <dwm@xpasc.com>
Date: Fri, 8 Nov 1996 00:17:55 -0800 (PST)
To: MegaZone <megazone@livingston.com>
Cc: http working group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Message-Id: <Pine.GSO.3.95.961108001148.23556H-100000@shell1.aimnet.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/1884

On Thu, 7 Nov 1996, MegaZone wrote:

> I would like to suggest a new header for HTTP/1.1:
> Save-As:
> A CGI application could return this header with a file name (and possibly
> path, although that has security implications - Save-As: /etc/passwd for
> instance.  Though it would fail on a well maintained system, it is still a
> risk) which would be used by the user agent instead of the script name for
> saving.

The risk could be minimized by not allowing path information in the
value. The UA would 'know' the root path or prompt the user..

> I would have a number of uses for this tag, and I've seen numerous sites
> that have the same aplication.  I think this would be a very useful addition.

Depending on your server and the ability it may have to map request URLs
to cgi scripts, it may be possible to include a realistic file name
as part of the URL ... for example, we use a url of the form:


to convince the UA to save the data under the name zwexport.zwe but the
'script name' is 'export' and the remainder of the path is simply
arguments to the script. The server that does this is the user
interface server built into ZooWorks so we own the server and 
the exact options for other servers are not something I've studied.

Dave Morris
Received on Friday, 8 November 1996 00:28:54 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:00 UTC