Closed Bug 674047 Opened 10 years ago Closed 7 years ago
Saver to take URIs as well
So that you can do let saver = FileSaver("http://example.com/foo.txt"); Plan is to use CORS here. This will need a separate security review.
It is not clear to me how this should work. We don't have any events for downloading?
That's a good question. After thinking about it, I don't think we need events for downloading. Conceptually, FileSaver transfers data from "somewhere" to your disk. I don't think it matters where the data comes from. Progress events on the writes are enough, I think.
For cross-origin loads that aren't backed by CORS we don't want to expose the file size though. We might not even want to expose any progress events as that lets you estimate the size using timing attacks :(
I thought we just weren't going to do cross-origin loads that aren't backed by CORS?
10 years ago
10 years ago
Whiteboard: [sr:curtisk] → [secr:curtisk]
Depends on: 749341
Whiteboard: [secr:curtisk] → [sec-assigned:curtisk:749341]
bug has no owner and has not moved in ~2 years, closing blocking sec-review bug as incomplete and leaving flag to indicate need to do security work when / if this bug refreshes
Yeah I don't think we're interested in this anymore.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.