I delivered a one hour session on the internals of file downloads in web browsers at THAT Conference 2024. The slides are here and a MP3 of the talk is available. If you’d prefer to read, much of the content in the talk is found in this blog’s posts that have a Download tag.
Tag Archives: download
MoarTLS: Non-Secure Download Blocking
With little fanfare, an important security change has arrived on the web. Now, all major browsers (except Safari) block non-secure downloads from a secure page. Browser Version Behavior Edge 94+ Block with right-click “Keep” button Chrome 94 Block Silently Firefox 93 Block with “Allow download” button Brave 1.30.89 Block Silently Opera 79.0.4143.72 Block Silently SafariContinue reading “MoarTLS: Non-Secure Download Blocking”
Download Blocking by File Type
Last Updated: 23 August 2023 I’ve previously gushed about the magic of the File Type Policies component — a mechanism that allows files to be classified by their level of “dangerousness”, such that harmless files (e.g. .txt files) can be downloaded freely, whilst potentially-dangerous files (e.g. .dll files) are subjected to a higher degree ofContinue reading “Download Blocking by File Type”
Web-to-App Communication: DirectInvoke
Note: This post is part of a series about Web-to-App Communication techniques. Background Typically, if you want your website to send a document to a client application, you simply send the file as a download. Your server indicates that a file should be treated as a download in one of a few simple ways: Specifying aContinue reading “Web-to-App Communication: DirectInvoke”
Demystifying ClickOnce
Update: ClickOnce support is now available in modern Edge; see the end of this post. As we rebuild Microsoft Edge atop the Chromium open-source platform, we are working through various scenarios that behave differently in the new browser. In most cases, such scenarios also worked differently between 2018’s Edge Legacy (aka “Spartan”) and Chrome, butContinue reading “Demystifying ClickOnce”
Script-Generated Download Files
As we finish up the next release of Windows 10, my team is hard at work triaging incoming bugs. Here’s a pattern that has come up a few times this month: Bug: I click download in Edge Legacy: …but I end up on an error page: Womp womp. If you watch the network traffic, you’llContinue reading “Script-Generated Download Files”
Downloads and the Mark-of-the-Web
Last update: May 9, 2024 Background Windows uses a simple technique to recognize which files were downloaded from the Internet (or a network share). Each downloaded file is is tagged with a hidden NTFS Alternate Data Stream file named Zone.Identifier. You can check for the presence of this “Mark of the Web” (MotW) using dirContinue reading “Downloads and the Mark-of-the-Web”
text/plain 