You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Improve how .asset-permission is applied in templating in cases outside of the default case. Currently the functionality is that we include the .asset-permission class during templating for asset columns default display if none is provided. This does a same origin check before adding the class.
Then chaise will add a click event to elements with this class and perform the same origin check again, before triggering a HEAD request to verify if the user has permission to view and download the asset.
In the case that a markdown pattern is supplied that includes the download attribute (used for download button UI), we should do the following:
if .asset-permission is not present, do the same origin check and add this class if the origin is the same
this will improve potential bad UX scenarios making sure the user has access before showing them an empty page
There shouldn't be an issue with making HEAD requests to cross origins for files
if we get 404, communicate to our users the link won't work
if we get 3XX, ignore the response and try anyways
add .no-asset-permission support to turn off this check for same origin downloads
I'm not sure if this is necessary except to reduce making more requests when there are no permissions policies in place
make sure error scenarios make sense in chaise
are there any errors returned by HEAD request that can be ignored and download anyway?
What to do for different error scenarios:
3XX
4XX
5XX
Other changes:
add .no-external-link to turn off the feature on a per asset basis to behave similar to the chaise config property for just this asset (chaise config property)
Improve how
.asset-permission
is applied in templating in cases outside of the default case. Currently the functionality is that we include the.asset-permission
class during templating for asset columns default display if none is provided. This does a same origin check before adding the class.Then chaise will add a click event to elements with this class and perform the same origin check again, before triggering a
HEAD
request to verify if the user has permission to view and download the asset.In the case that a markdown pattern is supplied that includes the
download
attribute (used for download button UI), we should do the following:.asset-permission
is not present, do the same origin check and add this class if the origin is the same.no-asset-permission
support to turn off this check for same origin downloadsHEAD
request that can be ignored and download anyway?Other changes:
.no-external-link
to turn off the feature on a per asset basis to behave similar to the chaise config property for just this asset (chaise config property)Issue in chaise from when this was originally implemented.
The text was updated successfully, but these errors were encountered: