为什么Google Chrome浏览器有时会警告下载的PDF可能会损害您的计算机? [英] Why does Google Chrome sometimes warn that a downloaded PDF can harm your computer?
问题描述
我们有一个网站,可以下载多个PDF. PDF可能是静态的,也可能是动态生成的.使用多种机制之一下载它们(静态URL,回发/重定向/元刷新/等).对于某些PDF文件,Chrome会毫无保留地下载它们.对于其他用户,它警告用户此类型的文件可能会损害您的计算机.确定要下载...",并且需要额外单击.
We have a web site that makes several PDFs available for download. The PDFs might be static, or dynamically generated. They are downloaded using one of several mechanisms (static-URL, post back/redirect/meta-refresh/etc.). For certain PDF files, Chrome downloads them without complaint. For others, it warns the user that "This type of file can harm your computer. Are you sure you want to download ..." and requires an extra click.
Chrome会使用哪些信息来决定是否显示该消息?显然,文件不只是PDF.
What information is Chrome using to decide whether to show the message? Obviously, it's not simply the fact that the file is a PDF.
为清楚起见,我想在服务器端做一些事情(如果重要的话,我们使用IIS/ASP.NET)以防止消息出现.我对让每个用户都禁用浏览器中的消息的解决方案不感兴趣(如果可能的话).
To be clear, I want to do something on the server side (we use IIS/ASP.NET, if it matters) to prevent the message from ever appearing. I'm not interested in a solution that has each user disable the message in their browser (if that's even possible).
谢谢.
推荐答案
TL; DR:Chrome浏览器具有多种用于确定文件安全性的客户端启发式方法.我不相信您可以采取任何措施确保将文件标记为安全",但我会指出一些可能会有所帮助的事情.
TL;DR: Chrome has a variety of client-side heuristics used to determine a file's safety. I don't believe there's anything you can do to ensure that a file is marked "safe", but I'll point at some things that might help.
确定是否应显示该提示时需要考虑大量逻辑.令人高兴的是,Chromium是开源的,因此您可以仔细阅读逻辑.我对下载代码并不十分熟悉,但是最好的起点几乎肯定是
A good amount of logic goes into determining whether or not that prompt should be shown. Happily, Chromium is open source, so that logic is available for you to peruse. I'm not incredibly familiar with the download code, but the best place to start would almost certainly be ChromeDownloadManagerDelegate::IsDangerousFile. That ends up calling out to download_util::GetFileDangerLevel and download_util::IsExecutableMimeType which seem to be where the checks against mime types and paths live.
基于快速阅读,我认为重定向至少是原因的一部分,因为重定向与用户手势没有直接关系.在这种情况下,直接单击下载比单击某些内容安全",并且通过各种跟踪器和调度程序重定向到该下载,这是不期望用户遵循的.
Based on a quick read, I'd imagine that the redirects are at least part of the cause, as those aren't directly related to a user gesture. Clicking directly through to the download is "safer" in this context than clicking on something, and being redirected through a variety of trackers and dispatchers, as the user can't be expected to follow along.
启发式搜索还会考虑您之前是否曾经访问过特定的URL或域;这也可能会对某些显示为安全"的文件产生影响,而对另一些显示为安全"的文件则造成影响.
The heuristic also takes into account whether you've been to a particular URL or domain before; that could also have an impact on certain files showing up as "safe" and others not.
这篇关于为什么Google Chrome浏览器有时会警告下载的PDF可能会损害您的计算机?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
