Shawn Neumann wrote:
>
> Using Win2K, Nightly 2001120703
>
> I have a system that is dumping a file to the browser on a certain
> scripted request. A call to:
>
> httpd://something.com/script.pl?action=get_file_or_something
>
> returns...
>
> Content-type: application/zip; filename="file.zip"
>
> IE respects this filename and uses it when attempting to save the file,
> whereas Mozilla appears to continue to use the filename script.pl
> contained in the URL. I know Netscape 4x only used the URL filename,
> however I assumed Mozilla should respect the filename in the header.
>
> Does anyone have the inside scoop on this?
>
> Cheers!
> Shawn
Is there any consensus on which header is used to present a file name?
Communicator 4.xx and I think Navigator 3.xx would use a file name in a
Content-disposition header in HTTP. In this case, the header had the
form:
Content-disposition: any_garbage_whatever; filename="foo.whatever"
In a mail or news header, "any_garbage_whatever" would have to be either
inline or attachment. Because attachment makes no sense in HTTP, the
Content-disposition qualifier was ignored but the parameter was parsed.
Properly, a file name is a disposition for content expected to be
downloaded for saving to disk. RFC2616 purposely avoids defining content
disposition because of security considerations. Is there a later RFC
that does consider this issue asside from warnings? Certainly a filename
parameter should not be allowed to contain a client side path. Are there
other issues?
Chuck
--
... The times have been,
That, when the brains were out,
the man would die. ... Macbeth
Chuck Simmons [EMAIL PROTECTED]
