Trouble is, CDN is getting broken behaviour which is what you explicitly do not want. Only non CDN works correctly, in that when you click on “download” something downloads.
Aha yes then we should fix.
2 Likes
Fair enough. Are there any examples for customising the lightbox that I can use as a starting point?
This is not easily hackable at all per:
You would need to read through Magnific Popup: Responsive jQuery Lightbox Plugin and see if it is somehow re-configurable on the fly.
Bummer, I’ll see if I can figure something out.
Just out of curiosity - why does Discourse choose for a ‘download’ action instead of a ‘view full size’ here? From a user perspective, it would seem that the full size is a more common action?
1 Like
I thought this was a MIME issue, but looking at the header, it might be:
x-download-options: noopen
Which prevents a file from being opened when downloaded. Hoping Sam can clarify.
it is @codinghorror call, I guess that is one way you can cleanly retain the original upload filename which some people care about. Plus this appears to be what Flickr like doing.
I don’t think we are going to touch any of this, we will just have the app proxy this in a dedicated route or something, amount of people hitting “download” in minuscule a CDN bypass may be acceptable here. Anyway @pmusaraj can figure out what the best thing is to do. From what I can tell we either need to tell AWS to give us a signed URL with a special content disposition or need to proxy the file. Both cases will involve a S3 CDN bypass. If we proxy through app at least we can use the app CDN.
1 Like
After a little more reading it looks like content-disposition: attachment; and x-download-options: noopen are responsible for this behavior.
Appreciate that’s the how, and not the why. If it’s for security reasons though it makes perfect sense.
This PR should fix this by:
- adding a
data-download-hrefto the lightbox download link when S3 uploads are enabled - the URL used is the new short URL scheme with a
dl=1parameter that will make the controller generate a presigned S3 URL with the correct content disposition and filename
In other words, the download link in the lightbox will now look like /uploads/short-url/mTGbg4Ld2iBYAbfTvEjGXP2LtVm.pdf?dl=1, which will redirect to a signed S3 URL with content-disposition: "attachment; filename=original.png".
I think this is the simplest and most direct option, proxying through the app would be a tiny bit less efficient because the downloaded file would have to go from S3 to the Discourse server to the client.
2 Likes
This topic was automatically closed after 28 hours. New replies are no longer allowed.