> I am storing a grunch of files of different types in a directory on my
> server. For obscurity (don't ask it's a legal thing) I store them with names
> like DOC_**.AAF Where the ** is an id number. I store the mime type and
> orignal filename in a database table. My Flash application calls a
> coldfusion template called download.cfm with a URL variable with the
> document id number. The template looks up the data in the data base and
> sends a page back with CFHEADER and CFCONTENT set to download the
> appropriate file with the correct filename. This works in both Netscape and
> IE when called from Flash using getURL and a _javascript_ call to pop up an
> undecorated window.
To be devils advocate, security through obscurity only works if you dont
tell anyone what your doing, especallly in great detail to a public list
... (actually security through obscurity doesn't work but that's a whole
other topic)
> If I call the same page using an anchor from an HTML page it doesn't work.
> IE tries to name the file "download.cfm?document_id=**" and can't find the
> file to download. It is as if the CFCONTENT and CFHEADER were being ignored.
> I have check to verify that they are getting good values.
>
> Here is the code from download.cfm:
>
> <cfif metadata.recordCount GT 0>
> <cfset
> localfilename="#GetDirectoryFromPath(GetBaseTemplatePath())#storage\DOC_#URL
> .document_id#.aaf">
> <cfheader name="content-disposition"
> value="attachment;filename=#metadata.file_name#">
> <cfcontent
> type="#metadata.contenttype#/#metadata.contentsubtype#"
> file="#localfilename#">
>
> </cfif>
>
> Can anybody explain why this technique works fine when called using
> Actionscript
>
The only usage I found for Content-Disposition with a quick google is
Content-Disposition: inline; filename=openinexcel.csv - note 'inline'
There is a sweet spot to get files to download correctly with the proper
name on all the browsers. do a quick search in the archives and I am
sure you'll hit it.
As to the Actionscript question, I would guess Actionscript is smarter
than IE.
Cheers,
--
Rob <[EMAIL PROTECTED]>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
