- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Mon, 2 Aug 2010 09:56:33 -0700
2010/8/2 Kornel Lesi?ski <kornel at geekhood.net>: > Downloads can be "forced" already with Content-Disposition: attachment. It's just harder to do, and unfortunately that doesn't stop webmasters from trying. Popular PHP snippets for forcing download are among the most disgusting cargo-cult code I've ever seen ? they're collection of self-contradictory and nonsensical HTTP headers, break caching and resuming, and often have security vulnerabilities. > > It would be great if we could obsolete those scripts. Indeed; I've used those code samples, and since the entire area is basically voodoo to me, I still have no idea which headers I sent did anything and which are useless or even harmful cruft. In general, even well-educated authors have no clue what they're doing here. ~TJ
Received on Monday, 2 August 2010 09:56:33 UTC