- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 07 Dec 2010 10:13:21 +0100
On 02.08.2010 18:56, Tab Atkins Jr. wrote: > 2010/8/2 Kornel Lesi?ski<kornel at geekhood.net>: >> Downloads can be "forced" already with Content-Disposition: attachment. It's just harder to do, and unfortunately that doesn't stop webmasters from trying. Popular PHP snippets for forcing download are among the most disgusting cargo-cult code I've ever seen ? they're collection of self-contradictory and nonsensical HTTP headers, break caching and resuming, and often have security vulnerabilities. >> >> It would be great if we could obsolete those scripts. It would be great if those scripts could just get fixed. > Indeed; I've used those code samples, and since the entire area is > basically voodoo to me, I still have no idea which headers I sent did > anything and which are useless or even harmful cruft. In general, > even well-educated authors have no clue what they're doing here. I believe the spec for C-D is sufficiently clear. But you still need to read it :-). Best regards, Julian
Received on Tuesday, 7 December 2010 01:13:21 UTC