Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Chris Lobdell
September 27, 2004, 2:19 pm
rate this thread
For the past two years, we have offered files for download through a
secure website. Users, after clicking on a link, are redirected to a
PHP page that passes the appropriate header information to the user
and inquires if that user wishes to download the file.
A sample of that code is below:
header('Content-Disposition:attachment; filename="'.$file_path .'"');
header('Content-length: ' . filesize($full_file_path));
However, with the enhanced security now available in Windows XP SP2,
users are no longer prompted to download the file. In fact, Windows
XP SP2 not only suppresses the download but will not even present the
end user with an option to download the file. Has anyone else
encountered this type of situation? If so, is there a programmtic
solution to, at the very least, prompt the user to download the file
without requiring the user include the website as one of his/her
Re: Automatic Download of Files using application/save on Windows XP SP2 Browsers
[ ... ]
Sending application/save is not appropriate; using non-
registered media types is discouraged by the spec which,
given the information you provided, you're otherwise
adhering to. If you must make them up, prefix 'x-'. Why
make them up?
I'm not convinced if C-D:attachment has a place on the WWW.
Is it the provider's job to indicate that the presentation
of a resource be 'contingent upon some further action of the
user' (RFC2183 sec. 2.2)? I don't see much point in either
the inline or attachment disposition types. Perhaps an
undefined disposition type together with a filename
parameter have some use though.
Now I'm thinking this isn't for the WWW, because RFC2616
doesn't define a CTE header. What did you mean by this?
Stop prompting. What made you want to prompt anyway?