On Fri, Jan 01, 2016 at 03:42:11PM -0500, Karl Dahlke wrote:
> > My issue here is with any fancy redirects we may encounter.
> 
> The "stop and ask" where to download the file happens after all the redirects.
> We have the actual url, cookies set,
> authorizing user password if any, it's all in place,
> and it all runs when restarted.
> I don't think there's a problem here.

If people play nice then no, but my worry is single access downloads where a
HEAD request may be special cased to not trigger the download lock,
but a GET request may alter the cookie such that a subsequent GET to the same
URL actually requires re-running all the fancy js-based auth in front of the 
download.
It's probably unlikely but I can certainly imagine implementing such a system
in certain circumstances and think it's worth handling if we can.

Cheers,
Adam.

_______________________________________________
Edbrowse-dev mailing list
http://lists.the-brannons.com/mailman/listinfo/edbrowse-dev