I tested it in Opera and it does indeed prompt the user to save the file. I've
left it as changing the MIME type to application/x-msdownload as well. Opera
at least seems to work with just the content-disposition trick, but I can't
be sure of other browsers, so I've left it in place for now.
By the way, it looks like emu is out of disk space - I can't commit at the
moment.
Dave
On Saturday 06 May 2006 18:07, Matthew Toseland wrote:
> Is it necessary to add any other headers to persuade the client to
> download the file rather than showing it? I believe Opera will
> auto-detect on application/octet-stream; they recommend
> application/x-msdownload or application/x-unknown. They also gave the
> hint on content-disposition...
>
> Thanks! I may be online later; I'm having technical issues at present.
>
> On Sat, May 06, 2006 at 01:29:10PM +0000, dbkr at freenetproject.org wrote:
> > Author: dbkr
> > Date: 2006-05-06 13:29:06 +0000 (Sat, 06 May 2006)
> > New Revision: 8621
> >
> > Modified:
> > trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
> > trunk/freenet/src/freenet/clients/http/PageMaker.java
> > trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> > trunk/freenet/src/freenet/node/Version.java
> > Log:
> > 681: Anonymity improvents:
> > * Fix bug 132 (Reinstate Internet Explorer warning)
> > * Fix bug 131 (Downloads should have content-disposition: attatchment
added too)
> > * Remove http URL in xml namespace (paranoid, but the URL is not
necessary)
> >
> >
> > Modified: trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
> > ===================================================================
> > --- trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
> > 2006-05-06
11:40:33 UTC (rev 8620)
> > +++ trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
> > 2006-05-06
13:29:06 UTC (rev 8621)
> > @@ -149,23 +149,34 @@
> >
> > String forceString = httprequest.getParam("force");
> > boolean force = false;
> > + boolean forcedownload = false;
> > if(forceString != null) {
> > if(forceString.equals(getForceValue(key, now))
> > ||
> >
> > forceString.equals(getForceValue(key, now-FORCE_GRAIN_INTERVAL)))
> > force = true;
> > }
> >
> > - if(typeName.equals("application/x-msdownload")) {
> > + if(httprequest.isParameterSet("forcedownload")) {
> > // Download to disk, this should be safe, and
> > is set when we do
"force download to disk" from a dangerous-content-warning page.
> > - force = true;
> > + typeName = "application/x-msdownload";
> > + forcedownload = true;
> > }
> >
> > try {
> > - if(!force)
> > + if(!force && !forcedownload) {
> > data = ContentFilter.filter(data,
> > ctx.getBucketFactory(), typeName);
> > + }
> >
> > - // Send the data, intact
> > - writeReply(ctx, 200, typeName, "OK", data);
> > + if (forcedownload) {
> > + MultiValueTable headers = new
> > MultiValueTable();
> > +
> > + headers.put("Content-Disposition",
> > "attachment");
> > + ctx.sendReplyHeaders(200, "OK",
> > headers, typeName, data.size());
> > + ctx.writeData(data);
> > + } else {
> > + // Send the data, intact
> > + writeReply(ctx, 200, typeName, "OK",
> > data);
> > + }
> > } catch (UnsafeContentTypeException e) {
> > StringBuffer buf = new StringBuffer();
> > ctx.getPageMaker().makeHead(buf, "Potentially
> > Dangerous Content");
> > @@ -176,7 +187,7 @@
> > buf.append("<p>Your options are:</p><ul>\n");
> > buf.append("<li><a
href=\"/"+key.toString(false)+"?type=text/plain\">Click here</a> to open the
file as plain text (this should not be dangerous, but it may be
garbled).</li>\n");
> > // FIXME: is this safe? See bug #131
> > - buf.append("<li><a
href=\"/"+key.toString(false)+"?type=application/x-msdownload\">Click
here</a> to force your browser to download the file to disk.</li>\n");
> > + buf.append("<li><a
href=\"/"+key.toString(false)+"?forcedownload\">Click here</a> to force your
browser to download the file to disk.</li>\n");
> > buf.append("<li><a
href=\"/"+key.toString(false)+"?force="+getForceValue(key, now)+"\">Click
here</a> to open the file as "+HTMLEncoder.encode(typeName)+".</li>\n");
> > buf.append("<li><a href=\"/\">Click here</a> to
> > go to the FProxy home
page.</li>\n");
> > buf.append("</ul>");
> >
> > Modified: trunk/freenet/src/freenet/clients/http/PageMaker.java
> > ===================================================================
> > --- trunk/freenet/src/freenet/clients/http/PageMaker.java 2006-05-06
11:40:33 UTC (rev 8620)
> > +++ trunk/freenet/src/freenet/clients/http/PageMaker.java 2006-05-06
13:29:06 UTC (rev 8621)
> > @@ -38,7 +38,7 @@
> > public void makeTopHead(StringBuffer buf) {
> > buf.append("<!DOCTYPE\n"
> > + " html PUBLIC \"-//W3C//DTD XHTML
> > 1.1//EN\">\n"
> > - + "<html xmlns=\"http://www.w3.org/1999/xhtml\";
> > xml:lang=\"en\">\n"
> > + + "<html xml:lang=\"en\">\n"
> > + "<head>\n"
> > + "<meta http-equiv=\"Content-Type\"
> > content=\"text/html;\" />\n"
> > +"<link rel=\"stylesheet\"
href=\"/static/themes/"+this.theme+"/theme.css\" type=\"text/css\" />\n");
> >
> > Modified: trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> > ===================================================================
> > --- trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> > 2006-05-06
11:40:33 UTC (rev 8620)
> > +++ trunk/freenet/src/freenet/clients/http/WelcomeToadlet.java
> > 2006-05-06
13:29:06 UTC (rev 8621)
> > @@ -212,6 +212,15 @@
> > ctx.getPageMaker().makeHead(buf, "Freenet FProxy Homepage");
> > if(node.isTestnetEnabled())
> > buf.append("<div style=\"color: red; font-size: 200%;
> > \">WARNING:
TESTNET MODE ENABLED</div>");
> > +
> > + String useragent = (String)ctx.getHeaders().get("user-agent");
> > +
> > + if (useragent != null) {
> > + useragent = useragent.toLowerCase();
> > + if (useragent.indexOf("msie") > -1 &&
> > useragent.indexOf("opera") ==
-1) {
> > + buf.append("<div style=\"color:
> > darkred\"><b>Warning</b>: You appear
to be using Internet Explorer. This means that some sites within Freenet may
be able to compromise your anonymity.</div>");
> > + }
> > + }
> >
> > // Alerts
> >
> >
> > Modified: trunk/freenet/src/freenet/node/Version.java
> > ===================================================================
> > --- trunk/freenet/src/freenet/node/Version.java 2006-05-06 11:40:33 UTC
(rev 8620)
> > +++ trunk/freenet/src/freenet/node/Version.java 2006-05-06 13:29:06 UTC
(rev 8621)
> > @@ -20,7 +20,7 @@
> > public static final String protocolVersion = "1.0";
> >
> > /** The build number of the current revision */
> > - private static final int buildNumber = 680;
> > + private static final int buildNumber = 681;
> >
> > /** Oldest build of Fred we will talk to */
> > private static final int lastGoodBuild = 591;
> >
> > _______________________________________________
> > cvs mailing list
> > cvs at freenetproject.org
> > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
> >
>
> --
> Matthew J Toseland - toad at amphibian.dyndns.org
> Freenet Project Official Codemonkey - http://freenetproject.org/
> ICTHUS - Nothing is impossible. Our Boss says so.
>
