50 lines
1.4 KiB
Markdown
50 lines
1.4 KiB
Markdown
serve-tpl-attachment
|
|
==================
|
|
|
|
```js
|
|
var serveIndex = require('serve-index')({
|
|
template: require('serve-tpl-attachment')()
|
|
});
|
|
```
|
|
|
|
A fork of the original `serve-index` template that, in combination with `serve-static`,
|
|
provides support for direct file downloads (using the Content-Disposition attachment header).
|
|
|
|
### Example Usage
|
|
|
|
```js
|
|
var serveTpl = require('serve-tpl-attachment');
|
|
var serveIndex = require('serve-index')('./public', { template: serveTpl() });
|
|
|
|
app.use('/', function (req, res, next) {
|
|
// enable direct downloads for express.static()
|
|
if (req.query.download) {
|
|
res.setHeader('Content-Type', 'application/octet-stream');
|
|
res.setHeader('Content-Disposition', 'attachment; filename="'+
|
|
path.basename(req.url.replace(/\?.*/, ''))
|
|
+'"');
|
|
}
|
|
next();
|
|
}, express.static('./public'), serveIndex);
|
|
```
|
|
|
|
Additional Options
|
|
==================
|
|
|
|
### privatefiles
|
|
|
|
As an additional security precaution you can ignore files which are not world-readable.
|
|
|
|
For example, this would prevent files in a `~/.ssh` from being read even when `dotfiles` are allowed.
|
|
|
|
`{ privatefiles: 'ignore' }`
|
|
|
|
```js
|
|
var serveTpl = require('serve-tpl-attachment');
|
|
|
|
var serveTemplate = serveTpl({ privatefiles: 'ignore' })
|
|
```
|
|
|
|
This is most effective on Unix-based systems (macOS, Linux, Android).
|
|
Windows may rely on ACLs instead of user-group-other style permissions.
|