On Mon, Mar 18, 2013 at 7:50 AM, Bjoern Hoehrmann <[email protected]>wrote:
> >However I don't think we can expect people to indicate > >"Content-Disposition: inline" in order to protect resources. Nor do I > >think that simply using a different filename is going to meaningfully > >protect downloaded content. So I think a stronger UI warning is needed > >in this scenario. > > I am not sure what you are referring to here, could you elaborate? > People were concerned that there might be security problems with forcing a download and/or offering a specific filename. Making a C-D: inline header override @download might alleviate that. I agree that if it's actually a problem, then this doesn't seem like a good solution. I can't recall any compelling arguments that a security issue exists, though. -- Glenn Maynard
