Support Content-Disposition attachment response downloads for server/remote files.

[arivera12]

Problem

When downloading a file from a server directly to JavaScript or Blazor the browser has it's own memory and hardware limitations.

Solution

We should use Content-Disposition attachment response header as it has more cross-browser compatibility.

When using Content-Disposition attachment response header the backing store that the browser uses its the local disk.

This way we will bypass the limitations of the Max File Size of JavaScript and Blazor.

Brainstorming

To make this work with seamless integration we would need to create a JavaScript function which:

1. Creates dynamic blank window
2. Creates a dynamic form inside the new window with
   1. action="specified url"
   2. method="specified method"
   3. enctype="specified encode type"
3. Creates dynamic hidden inputs if an object is provided as argument
4. Submits the form in that window to the specified url
5. File download process within the browser should get triggered automatically

Not sure if I am missing something else but this should trigger the file download process within the browser provider and no data should be loaded into memory to JavaScript or Blazor and go straight to the device local disk instead.

Why not an iframe and a window instead?

Iframe will only work on sites that are on the same domain or sites with Access-Control-Allow-Origin response header

If neither of them are considered or present we will hit for sure the same-origin policy error.

Authorization Header

Authorization tokens may be passed down to the new window and form as an input value to be submitted with the rest of the other inputs values.

AFAIK there is no way to pass down authorization token in a header when submitting a form or sending cross domain cookies.

Sample references

https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_win_open3 https://gist.github.com/carlosrivera/768b0c14e083c1ab423f