Keep-web flow » History » Revision 1
Keep-web serves files from Keep collections as normal HTTP documents.
This is mitigated two ways:
- By serving files with "content-disposition: attachment" which tells the browser to open up the download dialog straight away and don't try to show the files.
- Using separate a separate domain for downloading, so the browser won't send workbench cookies.
This raises the challenge: how to provide the API token to keep-web to enable download?
When user clicks on a workbench download link...