- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Mon, 18 Mar 2013 10:00:40 -0700
- To: Glenn Maynard <glenn@zewt.org>
- Cc: WHAT Working Group <whatwg@whatwg.org>, Bjoern Hoehrmann <derhoermi@gmx.net>, Jonas Sicking <jonas@sicking.cc>
> Downloads are associated with the site the link is on, not the domain the > resource is served from. If users click a download link and the file comes > from s3.amazonaws.com, they didn't come from Amazon; they came from your > page. I don't believe that's the case in most browser UIs. In fact, I don't think it should be. For example, if I search for something on google.com, and this takes me a page that serves Content-Disposition: attachment; filename="impotant_google_update.exe", we don't want to imply that Google endorsed that, right? /mz
Received on Monday, 18 March 2013 17:01:23 UTC