Home > Archive > PHP Programming > September 2004 > Automatic Download of Files using application/save on Windows XP SP2 Browsers
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Automatic Download of Files using application/save on Windows XP SP2 Browsers
|
|
| Chris Lobdell 2004-09-27, 3:57 pm |
| Hey, everyone.
For the past two years, we have offered files for download through a
secure website. Users, after clicking on a link, are redirected to a
PHP page that passes the appropriate header information to the user
and inquires if that user wishes to download the file.
A sample of that code is below:
header('Content-Type: application/save');
header('Content-Disposition:attachment; filename="'.$file_path .'"');
header('Content-Transfer-Encoding: binary');
header('Content-length: ' . filesize($full_file_path));
readfile($full_file_path);
However, with the enhanced security now available in Windows XP SP2,
users are no longer prompted to download the file. In fact, Windows
XP SP2 not only suppresses the download but will not even present the
end user with an option to download the file. Has anyone else
encountered this type of situation? If so, is there a programmtic
solution to, at the very least, prompt the user to download the file
without requiring the user include the website as one of his/her
trusted websites.
Thanks,
Chris
| |
| John Dunlop 2004-09-27, 8:56 pm |
| Chris Lobdell wrote:
[ ... ]
> header('Content-Type: application/save');
Sending application/save is not appropriate; using non-
registered media types is discouraged by the spec which,
given the information you provided, you're otherwise
adhering to. If you must make them up, prefix 'x-'. Why
make them up?
> header('Content-Disposition:attachment; filename="'.$file_path .'"');
I'm not convinced if C-D:attachment has a place on the WWW.
Is it the provider's job to indicate that the presentation
of a resource be 'contingent upon some further action of the
user' (RFC2183 sec. 2.2)? I don't see much point in either
the inline or attachment disposition types. Perhaps an
undefined disposition type together with a filename
parameter have some use though.
> header('Content-Transfer-Encoding: binary');
Now I'm thinking this isn't for the WWW, because RFC2616
doesn't define a CTE header. What did you mean by this?
> header('Content-length: ' . filesize($full_file_path));
> readfile($full_file_path);
>
> However, with the enhanced security now available in Windows XP SP2,
> users are no longer prompted to download the file. In fact, Windows
> XP SP2 not only suppresses the download but will not even present the
> end user with an option to download the file. Has anyone else
> encountered this type of situation? If so, is there a programmtic
> solution to, at the very least, prompt the user to download the file
> without requiring the user include the website as one of his/her
> trusted websites.
Stop prompting. What made you want to prompt anyway?
--
Jock
|
|
|
|
|