- From: Eduard Pascual <herenvardo@gmail.com>
- Date: Fri, 3 Jun 2011 14:58:48 +0200
On Fri, Jun 3, 2011 at 2:09 PM, Nils Dagsson Moskopp <nils at dieweltistgarnichtso.net> wrote: > Eduard Pascual <herenvardo at gmail.com> schrieb am Fri, 3 Jun 2011 > 10:23:25 +0200: > >> This grants the ability for any content provider to use an explicit >> "Content-Disposition: inline" HTTP header to effectively block >> "download links" from arbitrary sources. > > ? thus placing a burden on content providers. If browser makers think > content providers cannot even get their MIME types right (see image / > video sniffing discussion), what makes you think anyone would configure > headers for no immediate benefit? Nothing. That's the beauty of putting a clear order of precedence: if a host doesn't care how their content is delivered when reached through a third party, then of course there is no need or reason to add an explicit Content-Disposition header. The explicit header would help those providers who want/need some degree of control on how they serve their content. Of course, a content provider can mess things up. And a page author can as well. So I don't see why this would have any weight on choosing the precedence between the HTTP header and the one given on the link. My post was entirely about the precedence between the two sources of the header, when they conflict. I think is obvious enough that the provider of a resource should be given more weight than a third party referencing to it. Either of the sides can still leave things to whatever default could apply to each case if they don't care; but if both care, and they conflict, the provider of the resource should have the final say over whatever the third party may be requesting. At the end of it, the user has always the ability to save a resource that was rendered within the browser, and to try and open on the browser one that was downloaded. And the browser has also a say: even if a "Content-Disposition: inline" is given by both the HTTP host and the link, but the browser has no way to render it, it will still show up a download dialog or similar UI. Content-Disposition is generally honored, but ultimatelly it's just a hint; and the only thing I'm trying to clarify is that such hint should be given more weigth when it comes from a source closer to the resource it applies to (the server hosting it). On a side note, if a link points to a resource on the same origin and its content-disposition conflicts with that of the HTTP response, I don't care too much which one is honored: the setup is wrong to begin with and, as a content author and application developer who takes care on correctness and throughout testing, I'm not too much concerned on how blatantly erroneous content is handled (I simply put enough care to not author such content). Regards, Eduard Pascual
Received on Friday, 3 June 2011 05:58:48 UTC