在iFrame中打开CSS文件时阻止浏览器提示文件下载? [英] Prevent browser from prompting for file download when opening CSS file in iFrame?
问题描述
我有一个网页应用,可以将任意页面或文件加载到iFrame中。
I have a web app which loads an arbitrary page or file into an iFrame.
在某些浏览器中,当将iFrame的src指向css文件时,而不是显示css文本,出现下载/打开文件提示。
Under some browsers, when pointing the iFrame's src to a css file, instead of displaying the css text, a "download/open file" prompt appears.
有什么办法可以防止这种情况发生吗?我理解默认情况下不下载或打开非文本文件的有效安全原因,但css文件或任何text / * filetype应该足够安全(实际上比HTML更安全!)
Is there any way to prevent this? I understand the valid security reasons for not downloading or opening a non-text file by default, but a css file or any text/* filetype should be safe enough (safer than HTML in fact!)
css文件的响应标题如下所示:
The css file's response header looks like the following:
Content-Type: text/css; charset=utf-8
Status: 304 Not Modified
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.4
Etag: "34b924980254e212b651bcae25da011e"
Last-Modified: Thu, 04 Feb 2010 11:01:59 GMT
X-Runtime: 0.11366
Server: nginx/0.7.62 + Phusion Passenger 2.2.4 (mod_rails/mod_rack)
Content-Encoding: gzip
200 OK
现在我知道我可以使用XHR代替获取文本然后显示它的iFrame,但在此应用程序中,内容可以想象是由用户在运行时确定的任何内容,而不是预定义的页面/文件集。它需要在iFrame中而不是在父窗口中将XHR响应加载到div中,因为加载的页面可能有一些依赖于正确位置字符串的javascript(例如分析,广告,基于javascript的博客/评论系统)等等。)
Now I know I could use XHR instead of an iFrame to get the text and then display it, but in this application the content could conceivably be anything, determined by the user, at run-time, rather than a pre-defined set of pages/files. And it needs to be in an iFrame rather than loading an XHR response into a div in the parent window as the loaded page may have some javascript which relies on the correct location string (such as analytics, ads, javascript-based blog/comment systems, etc).
另一个选择是XHR来计算文件类型,然后
Another other option would be XHR to work out the file type, then
- 为iFrame设置src属性(如果是HTML),或
- 将响应内容复制到iFrame(如果是纯文本)
- 什么都不做如果二进制文件
该解决方案的问题在于,在第一种情况下,我最终需要发送两个请求而不是只有一个。优点是我可以完全忽略二进制文件,但在此应用程序中,用户将尝试将除HTML或其他纯文本页面之外的任何内容加载到框架中是值得怀疑的。
The problem with that solution is that in the first case, I'd end up needing to send two requests rather than just one. The advantage is that I can ignore binary files outright, though in this application it is doubtful that the user will try to load anything other than a HTML or other plain text page into the frame.
我很确定不会有一个简单的解决方案(如果有的话),但是没有比这里更好的地方了,所以......
I'm pretty sure there's not going to be a simple solution (if any at all), but there's no better place to ask than here, so.....
编辑2010年2月12日:
由于缺乏答案,我假设我的原始假设是正确的(没有办法做到这一点,如果有的话),因此唯一的解决方案要么完全忽略问题(不理想),要么使用我建议的XHR方法来确定响应类型,并且只在HTML中加载到帧中。同样,这不是理想的,但如果浏览器缓存了XHR响应,这会使事情变得更好,所以:
By the lack of answers, I'm assuming my original assumption is correct (no way to do this, if at all), thus the only solutions are either to ignore the problem altogether (not ideal), or use my suggested method of XHR to determine response type and only load into frame if HTML. Again, this is not ideal, but if the browser cached the XHR response, this would make things a little better, so:
有谁知道浏览器是否通常会缓存一个XHR响应,所以如果随后将相同的URL加载到IFRAME中,将使用缓存版本?我意识到这是依赖于浏览器和设置的,但是例如IE和带有开箱即用设置的Firefox会这样做吗?
Does anyone know whether a browser would usually cache an XHR response so if the same url was subsequently loaded into an IFRAME the cached version would be used? I realise this is browser and settings dependent, but would for example IE and Firefox with out-of-the-box settings do this?
推荐答案
在您的网络应用程序中,您可以拥有一个页面(使用您正在使用的任何语言,假设您不是仅提供静态文件),该页面采用的参数是您要查看的文件的路径,然后在IFRAME中加载
Within your web app you could have a page (in whatever language you're using, assuming that you're not serving up solely static files) that takes a parameter which is the path of the file you want to view and then load that in the IFRAME
所以不是将IFRAMEs src设置为somefile.css(或者它是什么文件),而是将src设置为FileViewer.php? filepath = / somefile.css(用所选语言替换.php),然后让FileViewer页面从文件系统加载文件并将其渲染出来,但设置了Content-Type。
So rather than setting the IFRAMEs src to "somefile.css" (or whatever file it is), set the src to "FileViewer.php?filepath=/somefile.css" (replace .php with the language of choice), and then have the FileViewer page load the file from the filesystem and render it out but with a Content-Type set.
这篇关于在iFrame中打开CSS文件时阻止浏览器提示文件下载?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
