I have PDFs, images, and text files in S3. I want the ability to create a download link to the file, but only sometimes. Sometimes my users want to view files on the web, but sometimes they want to click a "download" button to grab them in a single step (vs opening them and clicking the disk icon in the PDF viewer or hitting CTRL + S, etc.). For the latter case, I'd like to be able to generate a link that tells S3 what to do. It'd be nice if I could also control the name of the attachment, but I'd be more than happy to just be able to make an attachment.
Footnote
I am aware that you can add such headers to your files ahead of time, but this removes the ability for me to choose "download" or "view online" after the fact.
You can dynamically add headers to response based on the URL, by passing extra parameters response-content-disposition=attachment; filename='mycustomFileName' as described in the s3 Get Obejct docs.
That, however, only works for the authenticated (time limited) URLS, otherwise, user will receive InvalidRequest error similar to the following:
<Error>
<Code>InvalidRequest</Code>
<Message>
Request specific response headers cannot be used for anonymous GET requests.
</Message>
<RequestId>C5066C8E8F647EA2</RequestId>
<HostId>
ik5oj4QfcJX+5+F/PdootFuq47bh6hLpDqhbeyWlw+AADvMPpOPio6eYwXW7Fnx+H/zpVBM7DbA=
</HostId>
</Error>
If you want this to work with a non-authenticated users, download tag might be an option. As it described in this example, you can specify user-friendly filename instead of hash:
<a href="/images/490/736d910771bc3ee2.jpeg" download="some_nice_image_name.jpg">
although that clearly helps scrapers to automatically annotate your content.
Related
MDN docs state:
To enable a web page to contain an <img> element whose src attribute points to this image,
you could specify "web_accessible_resources" like this:
"web_accessible_resources": ["images/my-image.png"]
The file will then be available using a URL like:
moz-extension://<extension-UUID>/images/my-image.png"
<extension-UUID> is not your extension's ID.
It is randomly generated for every browser instance.
This prevents websites from fingerprinting a browser by examining
the extensions it has installed.
So, I would think that these resources cannot be read by any web page outside the extension, since they would need to know the random UUID.
However, the same MDN docs also state:
Note that if you make a page web-accessible, then any website may then link or redirect
to that page. The page should then treat any input (POST data, for examples)
as if it came from an untrusted source, just as a normal web page should.
I don't understand how "any website may then link or redirect to that page". Wouldn't it need to know the random UUID? How else could a webpage access this resource?
The point of Web Accessible Resources is to be able to include them in a web context.
While you can communicate the random UUID to the webpage so that it can use the file, it doesn't have to be included by the website code itself. Here's a hypothetical scenario:
You're writing an extension that adds a button to evil.com site's UI. That button is supposed to have an image on it.
You bundle the image with your extension, but to add it as src or CSS property to the webpage you need to be able to reference it from a web context.
So, you make it web-accessible, and then inject your UI element with a content script.
Perfectly plausible scenario.
Note that a random third-party site villains-united.com can't just scrape the URL to know if your extension is installed, since the URL is per-browser unique. This is the intent behind WebExtensions's UUID over Chrome's extension-id model.
However, let's continue our hypothetical scenario, from a security perspective.
The operators of evil.com are unhappy with your extra UI. They add a script to their code that looks for added buttons.
That script can see the DOM properties of the button, including the address of the image. Now evil.com's code can see your UUID.
Being the good guy, your extension's source code is available somewhere, including the page that launches nuclear missiles if called (why you would have that and why it would be web-accessible is another matter, perhaps to provide the functionality to good-guys-last-resort.org).
evil.com's script now can reconstruct the URL of this trigger page and XHR it, plunging the planet into nuclear apocalypse. Oops. You probably should've checked the origin of that request.
Basically, if a web-accessible resource is used in a page, the UUID likely leaks to that page's context via DOM. That may not be a page you control.
I am trying to create buttons on a web page that allow users to share links to PDF documents on LinkedIn. LinkedIn loads a window without any errors but offers no link or preview of the PDF or any indication of what is being shared.
Here are the two methods I have tried. First the plugin method.
<script type="in/share" data-url="http://example.net/DocumentDownload.aspx?Command=Core_Download&entryID=114"></script>
And, secondly with a custom url.
TEST
Encoding the url makes no difference.
The above links are direct document links from a DNN web site using Document Exchange. If I change the urls to any html page it works fine and LinkedIn seems to be able to extract the useful information right from the page and use that for the share details.
Can LinkedIn handle this kind of thing? There is nothing to guide me on the type of links that can be shared. I can't find any information about it. There are no errors in the web console.
Not sure, but you should try to provide LinkedIn with the link that has .pdf at the end, like http://example.com/documents/file1.pdf. I guess LinkedIn just checks the URL if it has .pdf file at the end to decide if it is a PDF document or not.
I have no problem sharing pdf's on LinkedIn. Check it out...
https://www.linkedin.com/sharing/share-offsite/?url=https://www.revoltlib.com/anarchism/the-conquest-of-bread/view.pdf
Works perfectly fine. And view.pdf is a script, not a file, either, so, it's not looking for a PDF file to analyze, so much as headers that indicate you have a PDF file available to analyze, so, in PHP, at DocumentDownload.aspx, we would do...
header('Content-type: application/pdf; charset=utf-8');
This header let's the sharing app know that it can analyze the document as a PDF file and extract useful information from it, as you can see from the screen shot.
What I would like to achieve is to let AppEngine Image Service to generate a serving URL with file type as an extension.
For example, in my local, a serving url may look like:
http://0.0.0.0:8898/_ah/img/u4EXyF53eLVd8s5wHrE3tg
Is it possible to override it into the form of something like
http://0.0.0.0:8898/_ah/img/u4EXyF53eLVd8s5wHrE3tg/filename.jpg
The reason I need to do this is I am using Flowplayer and hope to add a splash image by using the playlist function. However, it looks like Flowplayer won't recognize image file without a proper image extension.
There are no "files" on the web, just resources. And every resource has an Url. The type of the resource is defined by Content-type header. There is no such thing as "file type as an extension" on the web.
Image service sets the Content-type properly so all standard clients should be able to display it.
Also, it seems that Flowplayer splash images are just a normal images displayed in HTML, so there should be no problem with this.
Can you display your Url normally in HTML?
Actually there is a workaround for the solution.
Basically, you can add a fake query parameter at the end of the url, and Google will treat them the same.
So, for instance, a url http://0.0.0.0:8898/_ah/img/u4EXyF53eLVd8s5wHrE3tg, you can make it
http://0.0.0.0:8898/_ah/img/u4EXyF53eLVd8s5wHrE3tg?.png or http://0.0.0.0:8898/_ah/img/u4EXyF53eLVd8s5wHrE3tg?.jpg
depending on your need. Google won't care about the query parameters, but I got what I need and my client software (Flowplayer) is happy about this new link.
I've tried to search for this both on Google and StackOverFlow, but simply can't find what I'm looking for, it might be that it's simply not possible, but thought I would ask anyway.
I'm looking for a way to make a file redirect the user to another page, the user would download the file by clicking on a button.
It's for a Prestashop downloadable product, I'm trying to redirect the user to another part of our site (which isn't directly visible) to be able to view magazines, etc. in a viewer.
Now Prestashop is natively set up to download the file, which is what we don't want, hence the use of the viewer, but there is no way to simply provide a link to send the user to instead of a physical file, like a PDF or something. I can't really modify the button as its generated by Prestashop, and if I add a PDF file with the link in there it defeats te purpose as I dont want people having the link in a document (I know they can find it from their history and so on). Hence I thought it would be easier to do it with a document that redirects if possible.
So in short, is it possible to make a file that would send people to a certain web page once they open/download this file on/to their computer?
And if yes, how would one go about it?
Can you make the user download an HTML file? If so, you can use "meta refresh" to redirect the user to your private page.
This does mean the unprotected link will be visible in downloaded HTML file - perhaps you can obfuscate this with JavaScript to make it a little more difficult for users to find your protected URL.
http://www.w3.org/TR/WCAG20-TECHS/H76
I am writing a program in C that acts like a proxy server in a Linux system: Client asks it for a web page,
it sends an HTTP GET Request to a distant server, and it gets the servers response (web page), which is saved in an .html file.
Here goes my problem: Most web sites got some references to images, so when i try to view the .html file proxy created, the images don't appear.
I have searched a lot, but found nothing..Is there a way to write some code to GET images too?
Thank you in advance
You're going to have to write code that parses the HTML file you get back and looks for image references (img tags), then queries the server for those image files. This is what web browsers are doing under the hood.
You have an additional problem though which is that the image references in the HTML file are to the original server. I'm assuming that since they don't load for you the server that returned the original HTML isn't available. In that case after you get each image file you will need to give it a name on the local filesystem and then alter the reference in the HTML (programmatically) to point to your new local image name.
So for example:
<img src='http://example.com/image1.png'>
would become
<img src='localImage1.png'>
If you're querying arbitrary websites then you'll also find that there are various other files you'll need to do the same with like CSS files and JavaScript files. In general its hard to mirror arbitrary web pages accurately - browsers have complex object models they use to interpret web pages because they have to deal with things like CSS and Javascript and you may need to be able to 'run' all that dynamic code to even be sure what files to download from the server (e.g. JavaScript including other JavaScript etc).