Protected Site Download Fails on Android

[luizguilhermesj]

If there is no "Content-Disposition: attachment" set, the download with android devices on password protected sites will fail.

Yii::$app->response->getHeaders()->set('Content-Disposition', 'attachment');
We could let it as default and include an option to override it.

What do you guys think? Any one got this problem?

[robregonm]

Sounds good for me. Could you provide a pull request?
El 17/05/2016 1:41 p. m., "Luiz Guilherme da Silva Junior" <
[email protected]> escribió:

If there is no "Content-Disposition: attachment" set, the download with
android devices on password protected sites will fail.

Yii::$app->response->getHeaders()->set('Content-Disposition',
'attachment');
We could let it as default and include an option to override it.

What do you guys think? Any one got this problem?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub
#18

[luizguilhermesj]

Sure!
I thought a bit and I think is better to let the default option without the content-disposition, to keep the behavior exactly as it is in the 1.0.1

And one thing is to add this option for content-disposition, so far it's ok, I'm doing it this way.

But another problem would be that changing it to attachment alters the behavior for any device, and this bug only affects android.

Would it be too much to add something like this?

[
    'isProtectedResource' => true
]
...
if ($this->isProtectedResource&& stripos(Yii::$app->request->getUserAgent(),'android') !== false) {
    $response ->getHeaders() ->set('Content-Disposition', 'attachment');
}

I don't like it too much, I think is too much specific and I'm adding a call for Yii::$app, but I'm out of ideas.
It already feels wrong when I don't know how to write the option name (isProtectedResource, androidAsAttachment, forceAndroidAttachment, godKnowWhatHeWants, etc...)

Do you have any other perspective?