Removing the forced download creates a security problem for your users
One main reason sites use Content-Disposition: attachment is to protect users from potentially unsafe content, especially user-uploaded content. The content might be safe enough on its own, but if opened "on" the site and it's a type that can run scripts or has links, it can allow this content to be a vector for stored Cross-Site Scripting attacks. The creator of that content could then do anything you can do on that site. On a social site that might mean reading all your posts or messages, or deleting them all to be a jerk, harvesting all your contacts, posting offensive things as "you".
You might be able to mitigate a lot of this danger if you also added a Content-Security-Policy: sandbox header. I haven't given a lot of thought to which sandbox options you would need, but definitely do NOT add allow-same-origin or you defeat the whole point of sandboxing.
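A worked illustration of the two options in the post above (keep the forced download, or serve inline only under a CSP sandbox that does not grant allow-same-origin), as added example code that is not from the project this issue is about. The header-builder function, the check function and the list of scriptable content types are assumptions constructed for the example.

```python
"""Hypothetical header builder and checker for serving user uploads (example only)."""
from collections.abc import Iterable
from urllib.parse import quote

# Constructed, non-exhaustive list of types a browser will render with script
# or navigable links when served inline.
SCRIPTABLE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}


def upload_response_headers(filename: str, content_type: str,
                            force_download: bool = True,
                            sandbox_tokens: Iterable[str] = ()) -> dict[str, str]:
    """Build response headers for a user-uploaded file.

    force_download=True  -> Content-Disposition: attachment (the behaviour the post defends).
    force_download=False -> inline rendering, always paired with a CSP sandbox; the
                            allow-same-origin token is refused because it would let
                            the upload run in the site's own origin.
    """
    tokens = {t.strip().lower() for t in sandbox_tokens if t.strip()}
    if "allow-same-origin" in tokens:
        raise ValueError("allow-same-origin defeats the sandbox")
    disposition = "attachment" if force_download else "inline"
    headers = {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",  # stop MIME sniffing from upgrading the type
        "Content-Disposition": f"{disposition}; filename*=UTF-8''{quote(filename)}",
    }
    if not force_download:
        headers["Content-Security-Policy"] = " ".join(["sandbox", *sorted(tokens)]).rstrip()
    return headers


def renders_on_site_origin(headers: dict[str, str]) -> bool:
    """True if these headers would let a scriptable upload run in the site's origin.

    That is the stored-XSS condition from the post: inline, scriptable type, and
    either no sandbox at all or a sandbox weakened with allow-same-origin.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in SCRIPTABLE_TYPES:
        return False
    disposition = h.get("content-disposition", "inline").split(";")[0].strip().lower()
    if disposition == "attachment":
        return False
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "sandbox":
            return "allow-same-origin" in {p.lower() for p in parts[1:]}
    return True  # inline, scriptable, and no sandbox directive present
```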