On 02.08.2010 18:56, Tab Atkins Jr. wrote:
2010/8/2 Kornel Lesiński<[email protected]>:
Downloads can be "forced" already with Content-Disposition: attachment. It's
just harder to do, and unfortunately that doesn't stop webmasters from trying. Popular
PHP snippets for forcing download are among the most disgusting cargo-cult code I've ever
seen — they're collection of self-contradictory and nonsensical HTTP headers, break
caching and resuming, and often have security vulnerabilities.
It would be great if we could obsolete those scripts.
It would be great if those scripts could just get fixed.
Indeed; I've used those code samples, and since the entire area is
basically voodoo to me, I still have no idea which headers I sent did
anything and which are useless or even harmful cruft. In general,
even well-educated authors have no clue what they're doing here.
I believe the spec for C-D is sufficiently clear. But you still need to
read it :-).
Best regards, Julian
