asayler / COG-Web

Web Frontend for COG
GNU Affero General Public License v3.0

Set files to download as octet-stream #27

Closed hexacyanide closed 8 years ago

hexacyanide commented 8 years ago

This pull request addresses issue #26 by removing the AJAX download mechanism in favor of directly downloading the file from a COG server endpoint. This removes any client-side requirement for a MIME type definition (which would have to be application/octet-stream unless the COG server stores file metadata).

asayler commented 8 years ago

So there is an issue with this, although hopefully it can be fixed since I like the general idea. When you click the download file link in your code, it tries to directly load the URL:

https://<cog api base>/files/<uuid>/contents/

That endpoint, like most of the other COG API endpoints, requires basic authentication. Thus, clicking that link in the UI leads to a browser HTTP basic auth prompt. I prefer to avoid such prompts, using the logged-in user's credentials/token directly.

Is there a way to make the download API request using the user's token (stored in a cookie) via js as is done with the other API endpoints? E.g. we essentially want to reverse proxy the download request via the web UI JS, appending the necessary auth headers first and then returning the file the API sends back directly to the user (with the correct filename).

asayler commented 8 years ago

I'll also mention that other than the auth prompt, this appears to be working correctly. So I'm happy to integrate it once the auth issue is resolved.

hexacyanide commented 8 years ago

In response to #26, for some odd reason, I actually didn't get any prompts while testing (which in hindsight doesn't make sense, perhaps it was cached headers or something like that). After going back and resetting a few environment variables I do now get the prompt as expected.

I am currently evaluating solutions, although I believe some of them might be less than ideal support-wise (e.g. legacy browsers) given that the web interface doesn't use standard HTTP access control. As such, I was wondering: which browsers should I be targeting for support? (the UI currently uses jQuery 2.2.0, which effectively means that IE 6/7/8 support has already been dropped)

Use of Blob objects would be effective for getting around any problems (such as size) that come with forcing download using data-URIs, but they lack support in IE 9 and only partial support in IE 10 (as well as being completely absent in some mobile browsers). From a practical point of view, the demographic using COG is not likely to be using IE, although I'd appreciate confirmation on whether it's safe for me to assume this.

asayler commented 8 years ago

I'm fine only supporting the latest major versions of Chrome, Firefox, and IE that run on Ubuntu 14.04, Windows 10, and OSX 10.10 or 10.11. On mobile, Chrome on Android and Safari on the latest two iOS systems.

Although if you think there are better solutions to this by switching the web UI to using a different mode of auth, let me know. We could play with that. The API already uses standard HTTP basic auth, so it's really just a matter of how we want to propagate it through to the web UI.

hexacyanide commented 8 years ago

After a bit of thinking it's probably most effective to use data-URIs for now, but I'll report back on some ideas later that might clean up some things. In ef974543b67a4c37d0fc718b489e4caf82fac286 I switched to Blob objects, although I still believe it doesn't work great with larger files. Would appreciate testing and feedback.

taylorjandrews commented 8 years ago

While testing ef974543b67a4c37d0fc718b489e4caf82fac286 in Chrome, the file downloaded without an authentication prompt. However, non-text based files would not load properly after being downloaded. When using Firefox, clicking on the download link in the table did not initiate any action. I had to open the link in a new tab to trigger the actual download, which then prompted me to authenticate. I haven't tested anything with IE/Edge.

hexacyanide commented 8 years ago

Made some changes which should resolve any outstanding issues. Would appreciate feedback.

asayler commented 8 years ago

Seems to work well. Merging now.
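
The approach discussed in this thread (request the file from JS with the user's credentials, then hand the bytes to the browser as a Blob typed `application/octet-stream`) looks like this. It is an added example, not code from this pull request or from COG-Web; the function names, the use of `fetch`, and the token-as-Basic-username encoding are assumptions.

```javascript
// Added example: names and the token encoding are assumptions, not COG-Web code.

// Assumption: the API accepts the session token as the Basic auth username
// with an empty password. Adjust to however the real API expects the token.
function basicAuthHeader(token) {
  return "Basic " + btoa(token + ":");
}

// Fetch /files/<uuid>/contents/ with an explicit Authorization header, so the
// request is authenticated up front instead of relying on the browser's
// basic auth prompt.
async function fetchFileBlob(apiBase, uuid, token, fetchImpl = fetch) {
  const url = `${apiBase}/files/${encodeURIComponent(uuid)}/contents/`;
  const resp = await fetchImpl(url, {
    headers: { Authorization: basicAuthHeader(token) },
    credentials: "omit", // the header carries the auth; send no cookies
  });
  if (!resp.ok) {
    throw new Error(`download failed: HTTP ${resp.status}`);
  }
  // Read raw bytes. Decoding the body as text would alter non-text files.
  const bytes = await resp.arrayBuffer();
  // Generic type: the browser saves the file and does not try to render it.
  return new Blob([bytes], { type: "application/octet-stream" });
}

// Browser-only: offer the Blob to the user under the given filename.
function saveBlob(blob, filename, doc = document) {
  const href = URL.createObjectURL(blob);
  const a = doc.createElement("a");
  a.href = href;
  a.download = filename;
  // Attach first; some browsers ignore click() on detached anchors.
  doc.body.appendChild(a);
  a.click();
  a.remove();
  setTimeout(() => URL.revokeObjectURL(href), 0); // release the Blob URL
}
```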