- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 16 Mar 2013 18:49:57 -0700
- To: WHAT Working Group <whatwg@whatwg.org>
It's currently unclear what to do if a page contains markup like <a href="page.txt" download="A.txt"> if the resource at audio.wav responds with either 1) Content-Disposition: inline 2) Content-Disposition: inline; filename="B.txt" 3) Content-Disposition: attachment; filename="B.txt" People generally seem to have a harder time with getting header data right, than getting markup right, and so I think that in all cases we should display the "save as" dialog (or display equivalent download UI) and suggest the filename "A.txt". The spec is currently defining something else at least for 3. Potentially there are reasons to do something different in the case when the linked resource lives off of a different origin since in that case there might be security reasons to use the filename or disposition of the server that is actually serving up the content. However I don't think we can expect people to indicate "Content-Disposition: inline" in order to protect resources. Nor do I think that simply using a different filename is going to meaningfully protect downloaded content. So I think a stronger UI warning is needed in this scenario. Firefox currently doesn't support cross-origin @download references, so I don't have any meaningful implementation experience to share regarding that scenario. / Jonas
Received on Sunday, 17 March 2013 01:50:52 UTC