Closed
Bug 674047
Opened 13 years ago
Closed 10 years ago
Teach FileSaver to take URIs as well
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: khuey, Unassigned)
References
()
Details
So that you can do
let saver = FileSaver("http://example.com/foo.txt");
Plan is to use CORS here. This will need a separate security review.
|
||
Comment 1•13 years ago
|
||
It is not clear to me how this should work.
We don't have any events for downloading?
|
Reporter | |
Comment 2•13 years ago
|
||
That's a good question. After thinking about it, I don't think we need events for downloading.
Conceptually, FileSaver transfers data from "somewhere" to your disk. I don't think it matters where the data comes from. Progress events on the writes are enough, I think.
For cross-origin loads that aren't backed by CORS we don't want to expose the file size though. We might not even want to expose any progress events as that lets you estimate the size using timing attacks :(
|
|
Reporter | |
Comment 4•13 years ago
|
||
I thought we just weren't going to do cross-origin loads that aren't backed by CORS?
|
||
Updated•13 years ago
|
Whiteboard: [sr:curtisk]
|
|
||
Updated•13 years ago
|
Whiteboard: [sr:curtisk] → [secr:curtisk]
|
|
||
Updated•13 years ago
|
Whiteboard: [secr:curtisk] → [sec-assigned:curtisk:749341]
|
||
Updated•12 years ago
|
Flags: sec-review?(curtisk)
|
|
||
Updated•12 years ago
|
Whiteboard: [sec-assigned:curtisk:749341]
bug has no owner and has not moved in ~2 years, closing blocking sec-review bug as incomplete and leaving flag to indicate need to do security work when / if this bug refreshes
|
|
Reporter | |
Comment 6•10 years ago
|
||
Yeah I don't think we're interested in this anymore.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: sec-review?(curtisk)
Resolution: --- → INCOMPLETE
|
Assignee | |
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•