paulftw
commented
2 years ago I agree with your comments, @jimmywarting, however the download code is already part of FileSaver.
Since this PR is changing existing functionality and touches on security, I'd rather make withCredentials an optional setting, default to false (to preserve current behavior). That way it wouldn't affect anyone who upgrades to latest version without looking.
really think you should be downloading a blob on your own, it isn't really the job of filesaver to download files. it's technically bad to download the hole file into the memory and then save it.
It's much better if you can do
<a href="link" download="name.txt">instead. Cookies will be included/sent... it's possible to trigger it with a click.also if the server can send content-disposition attachment header then that is even better