From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-x233.google.com (mail-wm0-x233.google.com [IPv6:2a00:1450:400c:c09::233]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 292F677DC1 for ; Sat, 2 Jan 2016 03:45:37 -0800 (PST) Received: by mail-wm0-x233.google.com with SMTP id u188so101797589wmu.1 for ; Sat, 02 Jan 2016 03:46:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=xQiTaLTiQahkZldnACbtQ4KtdRxGi5oudZAZn6zxqN8=; b=X6kT/VcWdphb7NVY3BTF28GMOkPv9EB+AIcW4lJBRrt2Smboqs0YI30rVW61KTRA34 qJ4lIfxy/mug7aZp6h+pg5FvAARZ8OFLRtMeOxBGL51ZxkYOfk3mJMZyIL9U/A2KkPHP Uj9hBD9HmSTZAkgYYrXNC8o72vY2dCDjcoP+GLIt9UU56kVaScf53uo5V68bQ5xcGchL OEVyJcu6MSJ4sKGmxN5fC6TGevlPi2SnYiUmcZ/NK2Oh/Sy1OoELocsoulzEBU4ty+Xh Hnxjr1kG+QF2HkCfRJ6UtlWDL45baUgG/8kUoQ3IbuOp5ThF+QT9LLci5pTJdc7sVk8q Kg6w== X-Received: by 10.28.180.10 with SMTP id d10mr66487604wmf.14.1451735168588; Sat, 02 Jan 2016 03:46:08 -0800 (PST) Received: from 122oven.adamthompson.me.uk (c.2.2.f.4.7.e.f.f.f.d.1.4.2.2.0.2.4.0.9.2.4.1.1.0.b.8.0.1.0.0.2.ip6.arpa. [2001:8b0:1142:9042:224:1dff:fe74:f22c]) by smtp.gmail.com with ESMTPSA id az6sm76722974wjc.25.2016.01.02.03.46.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 02 Jan 2016 03:46:07 -0800 (PST) Date: Sat, 2 Jan 2016 11:46:06 +0000 From: Adam Thompson To: Karl Dahlke Cc: Edbrowse-dev@lists.the-brannons.com Message-ID: <20160102114606.GH12402@122oven.adamthompson.me.uk> References: <20151130170044.eklhad@comcast.net> <20160101201859.GG12402@122oven.adamthompson.me.uk> <20160001154211.eklhad@comcast.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6cMF9JLEeZkfJjkP" Content-Disposition: inline In-Reply-To: <20160001154211.eklhad@comcast.net> User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: [Edbrowse-dev] Messages to and from edbrowse-curl X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Jan 2016 11:45:37 -0000 --6cMF9JLEeZkfJjkP Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 01, 2016 at 03:42:11PM -0500, Karl Dahlke wrote: > > My issue here is with any fancy redirects we may encounter. >=20 > The "stop and ask" where to download the file happens after all the redir= ects. > We have the actual url, cookies set, > authorizing user password if any, it's all in place, > and it all runs when restarted. > I don't think there's a problem here. If people play nice then no, but my worry is single access downloads where a HEAD request may be special cased to not trigger the download lock, but a GET request may alter the cookie such that a subsequent GET to the sa= me URL actually requires re-running all the fancy js-based auth in front of th= e=20 download. It's probably unlikely but I can certainly imagine implementing such a syst= em in certain circumstances and think it's worth handling if we can. Cheers, Adam. --6cMF9JLEeZkfJjkP Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJWh7h+AAoJELZ22lNQBzHO5JwH/i312e0H1LY5MfEJCTD75tC9 3fYlNd80vJJi7OH4jeluzBKsxVkNXxb04/wG8/3CDVqkaJ2t4ihByHGI925Q8ubb mK9eXw1FTWhoS6Wm6Ptp9J0AeKlZdtUxAEXsl9gLDXWJB9KC8j46qTLUwqTUska2 EqM4kxcQ7spXWn9zfluP8j4kzk1PFlPYVT9PrngqG2vIm74MPHxxSFn2ND6QP2Lz ibdkEY4oAE2bkh9Ra/yjgUx+fLCt481dq29pbuvegr+ueYDuZt5tAHXaX8Bzhbnb BXyAkfqhaqGGFFkBWqkJIsuHoPckCkWJ5bzv8yZi6do9X6maddbX+qJ6/ySUzPU= =uTsK -----END PGP SIGNATURE----- --6cMF9JLEeZkfJjkP--