I did find a warning in the console when downloading the attachment
_application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:10740 Resource interpreted as Document but transferred with MIME type application/pdf: "https://discourse-cdn-sjc2.com/standard17/uploads/ros/original/2X/1/19bddd29016a5fbec4040bacf13ed7a6b434f168.pdf".
redirectTo @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:10740
trackClick @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:18931
(anonymous) @ _application-b340ff561f4deaf627006a01fbc69a9abc5cee80ab3cf0367803a94f9f22cb21.js:44634
dispatch @ _ember_jquery-cf9339810550f9c92505dfbb37362c58a4a8a83bcee2d99174547b01c06ed7d3.js:5198
g.handle @ _ember_jquery-cf9339810550f9c92505dfbb37362c58a4a8a83bcee2d99174547b01c06ed7d3.js:5006
But I think it’s potentially unrelated.
I isolated it to be using the EFF Privacy Badger Chrome Extension which was blocking cookies for the domain discourse.ros.org
specifically.

However that domain only comes up in the case that I navigate through the attachment.
Privacy badger usually doesn’t list it when browsing the site before downloading the attachment so I didn’t know it was blocking.

I’m not sure when Privacy Badger learned to flag the site. I reset it and cleared the flag and it now shows a DNT and is happy with the site by default.

I noticed that it seems to loose the Local storage and Session storage when I download the attachment which seems odd. And this happens with Privacy Badger disabled.
vs after the download
This seems odd to me, but if it seems ok to you there’s no need to follow up. I’m happy with the results. Thanks for your time.