Downloading an svg file using the file browser fails #6658
Comments
|
I just went to an svg in our source, right clicked, and downloaded, and it worked great. What was the error? |
|
I have just build current master and tried to download a file (svg, ppt...) - I get error in the chrome (Failed - Forbidden) - Strangely, I don't see a request in devtools. The server log shows: Strangely, the same actions in Firefox works well (no error, file is downloaded correctly)!!! Chrome Incognito fails also. |
|
This is prolly duplicate of #6609. I guess @jasongrout browser if FF while @saulshanabrook and @ellisonbg browser is Chrome. |
You're right that I am using FF. Sorry for not mentioning it earlier. |
|
#6106 looks relevant |
|
Or perhaps we can (shudder) do a browser test and only have the download attribute in firefox, but not in Chrome? |
|
1.0.0a.10 still exhibits this behavior: in Chrome, I get a "Failed - Forbidden" when I try to download a file. (It appears that file type does not matter). I can download in Safari. Most of my users use Chrome, and many of them like to download files. As far as I can tell, no log of the event is being generated--I neither see an HTTP request on the Network tab of Developer Tools nor a log in the console. |
|
I'm working on this right now. |
|
Adding the xsrf token as @minrk suggested here: #6106 (comment) solves this issue. But I'm wary of the potential security implications of doing this. I don't have a good understanding of the xsrf token. Is there a risk in exposing it in the href in this way @minrk? |
|
If PR #6686 looks secure, I recommend we go with it. I'm going to create another PR with an approach I know is safe in the meantime. |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related discussion. |
jasongrout
added
the
status:resolved-locked
To reproduce:
Browser gives a download error.
The text was updated successfully, but these errors were encountered: