devxlogo

How to Force a Browser to Display a “Save As/Run from Location” Dialog

How to Force a Browser to Display a “Save As/Run from Location” Dialog

Why Trust Us

Today, most browsers are designed to handle the known mime types in a very user-friendly manner. For example, if a server program writes an image/jpeg as a mime type, the browser will open the registered image viewer to display the contents. This would be true for any registered mime type on the client machine.

While this feature provides an easier user interface, it also poses a severe security threat for Web applications. The mime type’s contents could include viruses, session hijackers, or cookie spyware programs.

To solve this security problem, you can force the browser to display a “Save As/Open from current location” dialogue box when it wants to write known binary content to the client.

The official approach for this is to use a http header to request the display of user permission dialog box. This header is known as “Content-Disposition.”

Following is the sample for Java-based applications, though almost all http libraries provide an API to set an http header.

HttpResponse.setHeader("Content-Disposition "," attachment; filename= tip.jpeg");
Disclosure
devxblackblue

About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist

Charlie Frank

Charlie has over a decade of experience in website administration and technology management. As the site admin, he oversees all technical aspects of running a high-traffic online platform, ensuring optimal performance, security, and user experience.
View Author
Show More