Recently, while working on a project, I was tasked with hiding the source path of downloadable content.  I knew that if I passed the filepath anywhere on the server it wouldn't be secure.  A great tag to use if you don't want to share file paths, or if you want to store files in somewhere other than the webroot folders is the ""CFHeader" tag.  CFHeader sets the content header and in this case can be used to change how the file is grabbed from a server.  One can even make images download by default instead of loading in the browser.

view plain print about
1<cfset filePath = "e:\file_path\somerandomimage.gif">

And next we'll drop in a cfheader tag, with the content type of attachment.  This (along with the next snippet of code) tells the browser that the content being downloaded should save to the system, not load in the browser:

view plain print about
1<cfheader name="Content-Disposition" value="attachment; filename=""#getFileFromPath(filePath)#""">

Finally we'll set the cfcontent tag to accompany the cfheader tag:

view plain print about
1<cfcontent file="#filePath#" type="application/octet-stream">

 

That's all there is to it, now you can set files to download from non-webroot locations and the paths won't show. 

NOTE: You'll notice I used two double quotes instead of single quotes in the cfheader tag around the filename, this is because single quotes aren't effective for this portion of the tag.  Also if you want to add spaces, you will need two double quotes.

This entry was posted on December 16, 2009 at 3:17 PM and has received 427 views. There are currently 0 comments. Print this entry.