自动下载和IE安全警告问题
我有以下情况(简化):
我有一个脚本 file.php?file=foo.pdf 正在将文件传递到文档根目录之外(它没有 html,只是下载推送脚本)。某些文件受脚本保护 - 在这种情况下,用户会被重定向到 login.php。成功登录后,将使用用户想要下载的文件设置会话变量。用户被重定向到 home.php,我在其中使用下载源 file.php?file=foo.pdf 创建一个 iframe。当脚本 file.php 开始推送下载时,它会取消设置会话变量。
这在 Firefox 中有效,但在 IE 中这会给我一个安全警告并且下载被阻止。如果我单击该栏并允许下载,则 IE 会重新加载页面。但由于会话已被取消设置,因此不会生成 iframe,因此不会“再次”下载该文件。
IE 似乎确实启动了第一次下载,但在收到标头时中止了它。所以我想我没有机会判断浏览器是否已中止下载。
有人有解决办法吗? (我不需要下载按钮)。
I have the following situation (simplified):
I have a script file.php?file=foo.pdf that is delivering files outside the document root (it has no html, it's just the download push script). Some files are protected by the script - in that case the user gets redirected to login.php. When successfully logged in, a session variable is set with the file the user wants to download. The user gets redirected to home.php where I create an iframe with the download source file.php?file=foo.pdf. When the script file.php starts to push the download it unsets the session-variable.
This works in Firefox, but in IE this gives me a security warning and the download gets blocked. If I click the bar and allow the download IE reloads the page. But as the session has already been unset the iframe is not generated and therefore the file gets not downloaded "again".
IE seems to really launch the first download but aborts its when receiving the headers. So I guess I have no chance to tell if a download has been aborted by the browser.
Does anyone have a solution to this? (I don't want a download button).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我可能是错的,但您是否尝试在将文件发送到 iframe 后取消设置会话变量?在这种情况下,当 IE 安全检查将保留下载变量时,下一个请求可能仍然存在
I may be wrong but did You tried to unset session variable after sending file to iframe? In that case its possible that when IE security check will hold download variable will still exists for next request
您是否在下载链接中“定位”了 iframe?
你为什么不瞄准=“父母”?如果没有 html 和更改的 mime 标头(我假设是八位字节流或强制下载),您的页面将不会被覆盖,并且您的下载将会成功。
are you "target" ing an iframe in your download link?
Why don't you target="parent"? without html and a changed mime header ( I assume octet stream or force downlaod ) your page will not be overriden and your download will be successful.
在对此发疯之后(感谢您的回复,但他们都没有解决问题 - IE 在下载请求上设置 Cookie,但随后阻止下载),我倾向于认为处理此问题的唯一方法是提供下载页面,用户可以主动单击下载链接(或至少某种下载覆盖图)。
After going nuts with this (thanks for the responses, but none of them solved the problem - IE is setting Cookies on the download request, but is blocking the download afterwards), I tend to think the only method to deal with this is to offer a download page where the user can active click on the download link (or at least some kind of download overlay).