[RESOLVED]HTML5 Help Needed
[RESOLVED]
Sorry guys and girls, I'm back again with one more problem.
This time too, related to my blog only.
I've created a download page on my blog, from which, I plan to enable the visitors to download images that I'll put up on the downloads page.
To do this, I've planned to make use of a new feature in HTML5 which allows one to click on a normal link to download common files like images/pdf's and such, which normally opens in the browser itself.
The HTML attribute I'm talking about is:
http://www.indiblogger.in/someurl.com/downloads/someimage.jpg
I've posted a link to on another domain I own, for users to try, because, this is a problem which can't be conveyed without checking a live example. http://www.techuri.com/download_gallery.html
Please note that this is not a link to my blog, but, a separate domain which is still not being used to host a website, so, driving traffic to the domain name isn't an intention here.
There's a download link for each image in the gallery that's located at the right hand side, just below the image. Now the problem is, the code to download the image "which is hidden underneath the text "Download Original" is working perfectly in Google Chrome, but isn't working on Mozilla Firefox (haven't checked other browsers though
)
I hope I'm pretty clear this time, not to confuse anyone. In case anyone is still wondering what I want, I'd like to tell them that I want the link to download the image by clicking the link, not to open it in the browser, which firefox is doing currently with my code. Please check the page in Google Chrome first, and then in Mozilla Firefox to understand the problem.
Now I think, the issue is resolved. Moving the images to an external host did the trick. No need to try and work around on any server side scripts. Apart from google, I tried this with flickr too, but it too isn't working, for image downloads.
In case, you want, you can create a google sites website to host the images (though, here you have a very limited space, I think 100mb or so), or maybe, use any sharing solutions like dropbox (I'm not sure whether it would allow downloading images this way, or not, as I haven't tested it yet). Apart from that there are free web hosting service providers like 000webhost.com and somee.com to name a few, which allow you to host your files on their servers, beyond providing you a free domain name too something like yourdomainname.000webhost.com or yourdomainname.somee.com, which would help you access the files you're hosting on these servers.
Reason: Query Resolved! Updating with a possible solution.
Right Clicking and selecting save link as works in Mozilla
Thanks for the reply Vijay, that would have been the ultimate choice, but, since I don't want the user to do that much, I need to fix this.
1. Pankti jaldi aa jaeye aur doubts pooch lo
2. CK I asked you to praise me but you didn't. 
.
Here is what we ( I 
) have found after a short discussion on IndiTalk.
Cross site origin policy is implemented in firefox for the download attribute i.e. a file from xyz.com will be downloadable using that HTML5 attribute if and only if that attribute is on a page from xyz.com.
Others are free to find a workaround now. 
See Ranjith he thanked me
Thanks for your reply Ranjith. You've helped me understand a cause for the issue. I'll check out the cross site origin policy thing and will try a workaround for it.
Maybe, I can try doing the download that using an external server, by specifying content disposition headers, or maybe, use google sites to host the image files, as it, by default sets the content disposition headers as attachment, for uploaded files, or even using a php download page, to handle download requests. Anyways, thanks for your help. I'll update here as and when there is a progress on this matter.
I'll have to see what's cross site origin policy and how does it effect the working of an HTML feature, which, ideally shouldn't be affected by whatever mozilla implements in firefox.
Ranjith is right, as always... the Mozilla team believes that this feature can be used to fool a user into downloading his own user information (from gmail, for example) and then being fooled again to send/upload this information to the malicious website owner. Having said that, I can't resist linking to this video. 
@Cyberkid, you could try using a server-side solution without having to worry about html5 support. This thread on Stackoverflow may point you in the right direction; if it doesn't help, let us know - we'll make this an IndiChallenge!
I'm wondering since when did Renie start answering tech questions. 
we'll make this an IndiChallenge!
CK needs it for his Blogger blog. So, server side solutions won't work. Are there any prizes for the IndiChallenge? If yes, I might be tempted to design a new browser which supports only a tag with download attribute and nothing else. And name the browser Mozilla Firefox.
Thanks, for your help, sir. And, also, for more info on the firefox's inability to do this. I see that Ranjith has pointed out the issue I'm facing, so, no server side scripts. I need to include the html code in this download page in one of my blogger pages, so, can't make use of any server side scripts. Maybe, I can try hosting the images on an external domain and then try getting it done from there. I think, that can help me out, in resolving the issue with this cross site origin policy thingy, as we've seen that the images hosted on my google account aren't being downloaded in Firefox, while ones hosted on a different hosting account are getting dowloaded.
I'll try this and post the results here.
Resolved! Using links to the image files hosted external host did resolve the issue. Maybe, somehow hosting the image files on my google profile wasn't working for the downloads link in Firefox. It is working properly for the images in mozilla Firefox too.
I think I must mark this thread resolved. What you guys say?
What you guys say?
Yes 
I think it was the content disposition header which did the work.
But before closing the thread, I want someone to explain the following.
this feature can be used to fool a user into downloading his own user information (from gmail, for example) and then being fooled again to send/upload this information to the malicious website owner.
Ok, Ranjith, maybe, that was something related to concern that someone could link up to some malicious code, or scripts (like VBScripts, etc) that could be used to breach the security and privacy of users. It is a possiblilty, but, since there is no link cloaking (to hide the actual link and show something else as a download link) available here, users can see the actual link of the file being downloaded, or linked to the Hyperlink on the page). While the possibility of the users checking the hyperlink each and every time is quite low, as most people don't bother checking what they are downloading, a bad guy can link a malicious script that would be downloaded without the browser asking for a confirmation to do so, just by clicking the link, and that's where it becomes dangerous.
Sign in to reply to this thread
