AJ ONeal 5e4f9915e4 | ||
---|---|---|
public | ||
.gitignore | ||
LICENSE | ||
README.md | ||
example.js | ||
index.js | ||
package.json |
README.md
serve-tpl-attachment
var serveIndex = require('serve-index')({
template: require('serve-tpl-attachment')()
});
A fork of the original serve-index
template that, in combination with serve-static
,
provides support for direct file downloads (using the Content-Disposition attachment header).
Example Usage
var serveTpl = require('serve-tpl-attachment');
var serveIndex = require('serve-index')('./public', { template: serveTpl() });
app.use('/', function (req, res, next) {
// enable direct downloads for express.static()
if (req.query.download) {
res.setHeader('Content-Type', 'application/octet-stream');
res.setHeader('Content-Disposition', 'attachment; filename="'+
path.basename(req.url.replace(/\?.*/, ''))
+'"');
}
next();
}, express.static('./public'), serveIndex);
Additional Options
privatefiles
As an additional security precaution you can ignore files which are not world-readable.
For example, this would prevent files in a ~/.ssh
from being read even when dotfiles
are allowed.
{ privatefiles: 'ignore' }
var serveTpl = require('serve-tpl-attachment');
var serveTemplate = serveTpl({ privatefiles: 'ignore' })
This is most effective on Unix-based systems (macOS, Linux, Android). Windows may rely on ACLs instead of user-group-other style permissions.