I've just finished some courses on html and css, and am moving on to learning other languages. But as of yet, I don't know any other languages at all.
I'm learning to code to build my music website.
The most important thing to me is for people to download the songs I put up on the site.
I'm not asking for the code to do this. I want to know what is required so that I can learn how to do it.
I don't want people to download it simply by right clicking on the file and saving it. I want them to click on the link and their browser starts downloading it.
I've tried to search on forums and youtube and on this site, but what I've found is either not what I wanted or is beyond my understanding.
So, I'd appreciate a simple guide in what to learn to be able to create a link where, when someone clicks on it, the browser is prompted to download the audio file.
Here's my HTML. I've labeled where I plan to put my download link.
<table>
<tr><!--Off The Grid-->
<!--Song Title --> <td>Off The Grid</td>
<!--Audio File --> <td>
<object width="200px" height="15px">
<param name="src" value="../audio/off_the_grid_michael_pitluk.mp3">
<param name="autoplay" value="false">
<param name="controller" value="true">
<param name="bgcolor" value="#ffffff">
<embed src="../audio/off_the_grid_michael_pitluk.mp3" autostart="false" loop="false" width="75px" height="40px" controller="true" bgcolor="#ffffff"></embed>
</object>
</td>
<!--Download Link--><td>Code for a button to download the song</td>
<!--Social Media --><td>
<ul>
<li>Fill in with Tweet button</li>
<li>Fill in with FB share button</li>
</ul>
</td>
</tr>
</table>
The way the server sends the file, and the way the browser is configured to use it depend on the action that the browser will take. The link itself has no input on this.
You need to look at mime types, and how they're used within HTTP Headers.
By way of example:
I click on a link to www.example.com/song.mp3, my browser sends a request to the server.
The server sends back the file with a http header saying content-type: audio/mp3
My browser looks to see if it has anything that can deal with that file. If it does, it may play the file directly. (This is what happens for html, and pictures)
If the browser is unable to find a handler then it may prompt you to save the file (or perhaps just start saving the file automatically).
To force the 'download' behavior, you can either configure the server to send a mimetype that the browser won't handle automatically. This approach can generally be done on a server configuration level. Note that you have no control over what the browser does, and some browsers may still try to handle the file anyway.
Alternatively, you can send the file as an attachment, if you set the content-disposition header, like Content-Disposition: attachment; filename="song.mp3". This approach generally requires some form of code (eg php, asp.net, ruby, etc) to do this behaviour.
Your website should have a file called .htaccess in the site's "root directory" (the root directory is the folder that contains all the rest of your site's files). Assuming your site is running on an Apache server, if there is no such file then you should be able to add one. Just name the file .htaccess and place it inside the same folder where index.php or index.html lives (the root directory).
After that, inside your new .htaccess file, you can add something like this:
AddType application/octet-stream .mp3
... which will force all .mp3 files to be downloaded rather than played in the browser.
There are other methods, but they depend on the language your site is written in. If it's strictly html though, this is the only option I can think of.
Hope that helps... Let me know if you need me to clarify anything. :)
Related
What I would like to do, is to use dropzone.js as a drag&drop zone.
I don't want to upload the files, what I would like is to be able to access them and process them with jszip on the browser level (no server scripts, ajax etc.) using vanilla javascript.
I know how to process files from an field, but I would like to combine this with DropZone.js as it is more user friendly (able to add/remove files, see thumbnails etc.)
The documentation is not very clear on the events to use, could someone give me a hand or a guiding direction?
right, found it.
myDropzone.files
myDropzone.getAcceptedFiles();
From here you can access the files and their details as if it where an html input field.
All info is in the documentation in the end
I'm currently researching for the method of tracking event that client user attachs a file in the browser.
Which means whenever user tries to upload a file to place such as: gmail, messenger, facebook, slack, etc; I can grab the info of that file and intercept if I want.
What is the info of attach file?
Basic metadata information: File name, size, file format
Content of the file (if the file is human readable: text, doc)
What are the intercept actions?
Delay for a specific amount of time: user cannot send file until this delay time is over
Block attach file:
Method 1: block uploading file
Method 2: block sending
When will I intercept?
When file name or file content contains the keywords in my blacklist
Briefly, those are my aims. If you're wondering why I'm doing this, what I can only say is I want to prevent sending private files to the network through "browser" (Chrome, Edge, Firefox, etc)
Now, I'm quite lost in the document of developing extension and desperately asking for help.
My questions are:
Could I achieve those goals using browser extension? And are there any successfully solutions or ideas that you can recommend?
Could I intercept so far in popular browser, i.e: Chrome, Edge, Firefox, etc? Or the solution will only works in Chrome!!!
P.S: Other solutions without browser extension will also be appreciated. (Especially in Go)
I'm currently developing a picture-storage on MVC3 and have a question how to restrict access to images.
If I insert image into HTML lice <img src="/ImagesFolder/image0001.jpg"> it will be shown correctly, but anyone who write full path in browser will get that image too. I don't wand to permit it.
One way is to embed image as base64 string, but it is suitable only for small images, I have large ones.
I've seen recommendations to create image-accessing action, and use something like
<img src="/GetImage?ID=1123">, but at that GetImage page I will still use either direct-path or base64 methods? and in first way full path to imagefile will be translated into parent view and still can be seen in picture properties?
Is there a way to use System.Drawing.Image in <img src=""> or any other way? Do you know any samples?
One way to do this is put all of the images into a path which is not published by the http server. This way there is no direct path users can put into the browser.
Scripts themselves are on the server so they can access this path. Your image-access method should be a script which returns actual data and identify itself as the data it is serving image/jpeg for jpegs for example. This way if somebody accesses GetImage method by some other means than the one you have designed the script can detect it (by referer, or other means) and return nothing.
I think that the "image-accessing action" solution you mention is the easiest one to implement. The GetImage script could for example check for a cookie that you set in your application, so that only people that have first visited your site can receive the images.
Now, if you want to prevent people to display the images by typing the URL in the browser after they visited your site, this is more tricky and in my opinion there isn't an easy solution for that. You might check the Referer HTTP header to see if the request is related to your website (as Referer will be empty when putting the URL into the URL bar, but will contain the URL of the page containing the image when it is included with <img src=...>), but this solution has a drawback, as it will prevent browsers not sending the Referer header (generally for privacy reasons; it is not a very wide-spread configuration but this happens) from seeing your images at all. A second possible drawback is that people will probably be able to see the images that are already cached in your browser by typing their URL, unless you can configure the server to serve them with some headers disallowing caching.
I was reading about attacks on sites with the ability to upload and download files. Some attacks were about uploading a jpg which is really a html file and a comment about what if you want users to be allowed to store html and download them (or perhaps view them in the browser w/o using the save as feature).
Is there some type of flag i can use to say do not execute? I will want users to view images or video files other have uploaded. What if i'd like user html to be displayed but i dont want to force users to download them (content-disposition attachment).
Is there a way i can say hey here is some user data. It could be an image so i should allow img src to work. It could be an html so i'd like users to see it but dont allow it to read/write cookies/localstorage/call ajax request/etc?
-edit- Come to think of it. All of my user data is hosted on its own cookieless subdomain for static files. That would get rid of many problems i mention but what else is left to deal with? Also i believe my mime response completely depends on what my web server does (nginx atm) which could simply be look at the file extension.
-edit2- I adjusted my nginx config to add the application/unknown Content-Type. It seems to do exactly what i want. I saw a suggestion to use octet-stream for unknown files but that causes browsers (at least firefox) to try to download it even if its a jpg capable being viewed in browser.
It all depends on the Content-Type in your HTTP Response.
Browsers handle the data returned by the Content-Type in HTTP response.
For example if let say a user uploads a HTML file in a upload field supposedly for photo upload, as long as your web server gives Content-Type as image/jpeg (or image/png et al) the browser should handle it as an image - and in this case an invalid image because the image contains weird HTML stuff inside instead of the usual binary.
In any case, if you are feeling unsecure, you can always peek into the file data during upload validation.
I had some time off recently and thought it would be a neat exercise to see how quickly I could put together a working program to automatically retrieve '.torrent' files for me. I'm aware there are existing solutions, but this was more of a programming exercise.
All was well, it ran, checked the sites for new torrents, and attempted to download them. But this is where I'm running into a problem; one of the sites that I'm trying to download the .torrent file from is giving me a file containing this instead of the torrent file when I try to download it;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at forums.mvgroup.org Port 80</address>
</body></html>
My first thought was maybe a broken link, so I went and successfully downloaded the file in my browser, so it's not a broken link.. My next thought is that maybe I'm not downloading the file correctly.. This is the example that I used, and this is actual code that's doing the downloading in my program.
I have a sneaking suspicion this is going to turn out to be one of those brain-dead simple gotchas, but I'm having a heck of a time figuring it out. Does anyone know why I'm getting a 400, or how to fix this?
A broken link should return a 404 Not Found error. Because you can retrieve the file with a browser I see there are two other possible issues: Either you are missing handling redirects in your code that the browser handles automatically, or you are missing needed session IDs or cookies or some state value. Again, a browser will handle those but your code will not unless you write it in, or take advantage of the right gem.
The sample code you link to at http://snippets.dzone.com/posts/show/2469 is rudimentary, but is not wired to follow redirects, which is what I suspect you need. I glanced at your code and it doesn't handle them either. The "Following Redirection" sample code in the docs for Net::HTTP shows how to do it.
Rather than write the code to retrieve the URL yourself, amounting to reinventing the wheel, I recommend using Ruby's Open::URI, because it handles redirects automatically along with time-out retries. It's easy to use and a good work horse for those normal "get a URL" jobs.
If you want to have a gem that handles redirects and cookies and session IDs, look at Mechanize. It's a very good gem for general purpose tasks, though it is really designed for navigating web sites.
For more robust tasks, Curb and Typhoeus are good because they can handle multiple requests, though you'll need to write a bit more code for managing the files and navigating sites. For a file download they'd be fine.
You need a logging proxy in between, so you can see which bytes go over the wire.
If you use Eclipse, it has a http proxy available. I believe it is part of the Eclipse Java EE download.