leuchtfeuer / typo3-secure-downloads

Secure your assets and data from unwanted download. Apply TYPO3 access rights to ALL file assets (PDFs, TGZs or JPGs etc. - configurable) - protect them from direct access.

Home Page: https://www.Leuchtfeuer.com

License: GNU General Public License v2.0

PHP 89.73% HTML 7.86% CSS 0.38% Shell 0.53% JavaScript 1.51%
downloads secure hashing typo3 typo3-extension extension

typo3-secure-downloads's Introduction

TYPO3 Extension "Secure Downloads"

In TYPO3, assets such as PDFs, TGZs or JPGs are normally just referenced by a URL, e.g. to fileadmin/.... The file itself is delivered directly by the web server and is therefore not part of the TYPO3 access control scheme. Files remain unprotected, since URLs can be re-used, emailed, indexed by search engines or even guessed.

The "Secure Downloads" extension (EXT:secure_downloads) changes this behavior: files are now accessed through a script that honors TYPO3 access rights. The converted URLs will then look like this:

https://www.example.com/securedl/sdl-eyJ0eXAiOiJKV1QiLCJhbGciO[...]vcM5rWxIulg5tQ/protected_image.jpg

This works regardless of where the files come from and is not limited to special plugins, etc.

Since in most cases you will not want to protect everything (which means that everything undergoes rather performance-consuming access right checking), Secure Downloads is highly configurable. You may choose:

  • what directories to protect (e.g. you can include typo3temp or not)
  • what file types to protect (do you want to protect JPGs or not? etc.)

As a complementary measure, you will of course need to configure your web server not to deliver these things directly (e.g. using .htaccess settings).

Requirements

We currently support the following TYPO3 versions:

| Extension Version | TYPO3 v12 | TYPO3 v11 | TYPO3 v10 |
| --- | --- | --- | --- |
| 6.x | x | - | - |
| 5.x 1) | - | x | x |
  • 1) Upcoming release as leuchtfeuer/secure-downloads (vendor name changed).

Outdated Versions

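For the following versions, no more free bug fixes and new features will be provided by the authors:

| Extension Version | TYPO3 v10 | TYPO3 v9 | TYPO3 v8 | TYPO3 v7 | TYPO3 v6.2 | TYPO3 v4.5 |
| --- | --- | --- | --- | --- | --- | --- |
| 4.x | x | x | - | - | - | - |
| 3.x | - | x | x | - | - | - |
| 2.0.4 - 2.x | - | - | x | x | - | - |
| 2.0.0 - 2.0.3 | - | - | - | x | x | - |
| 1.x 2) | - | - | - | - | x | x |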

Installation

There are several ways to require and install this extension. We recommend getting this extension via composer.

Via Composer

If your TYPO3 instance is running in composer mode, you can simply require the extension by running:

composer req leuchtfeuer/secure-downloads:^6.0

Via Extension Manager

Open the extension manager module of your TYPO3 instance and select "Get Extensions" in the select menu above the upload button. There you can search for secure_downloads and simply install the extension. Please make sure you are using the latest version of the extension by updating the extension list before installing the Secure Downloads extension.

Via ZIP File

You need to download the Secure Downloads extension from the TYPO3 Extension Repository, upload the ZIP file to the extension manager of your TYPO3 instance and activate the extension afterwards. You can also download an archive from GitHub and put its content directly into the typo3conf/ext directory of your TYPO3 instance. Please keep in mind that the name of the folder must be secure_downloads (the repository name is used by default).

Configuration

After installation you need to configure this extension. Take a look at the corresponding section of the official manual.

Best Practice

You can configure this extension to fit your specific needs. However, here are some "best practices" that may help you when first using Secure Downloads:

  • Install this extension as described above
  • Create a new "File Storage" of type "Local filesystem" on page 0 of your TYPO3 instance and set the "Is publicly available?" option to false
  • Create a directory on your filesystem which matches the previously configured "Base Path"
  • Put an .htaccess file into that folder that denies the access to all files within and underneath this path
  • Configure the extension in the admin section of your TYPO3 Backend to match all files (use an asterisk for the securedFiletypes option) in your newly created file storage (use the path for the securedDirs option).

Access Configuration

You also need to secure all the directories and file types by your server configuration. This can be done with .htaccess files. Some example .htaccess files can be found in the Resources/Private/Examples folder.

Note: This extension cannot secure links to files that you include in your CSS file. For example, you can secure /fileadmin with the default .htaccess_deny file by putting the file in /fileadmin. You can allow /fileadmin/templates/ with the default .htaccess_allow file by putting this file to /fileadmin/template/.

Documentation

Detailed documentation can be found in the official TYPO3 documentation of this extension.

Changelog

The changelog can be found in the changelog chapter of the official TYPO3 documentation of this extension.

Contributing

You can contribute by making a pull request to the master branch of this repository, by using the "❤️ Sponsor" button on the top of this page, or just send us some beers 🍻...

typo3-secure-downloads's People

Contributors

ayacoo, balasch, bmack, bmafeldt, bmgrieger, bmheins, cedricziel, davidbruchmann, dextar47, dhde, elbebass, ervaude, flossels, georgringer, hahrens, helhum, jpmschuler, majernik, markuspoerschke, mschwemer, neufeind, patta, ste101, sypets, tmaroschik

typo3-secure-downloads's Issues

Impossible to activate for all files in secure directory

It is currently impossible to activate the extension for all files
We would like to configure the extension to secure all files in the secure directory. We tried to set the setting "basic.securedFiletypes" to ".*" which would match every extension, however this breaks the frontend (regex matches characters outside of the href= attribute). The only setting that worked was [^'"]+ (which is clearly a hack, but matches everything until the closing " of the href attribute).

To Reproduce
Steps to reproduce the behavior:

  1. Install Secure Downloads 3.0.0
  2. Configure basic.securedFiletypes with .*
  3. Open page with secured file on it
  4. open secured file

Expected behavior

  • The secured file should be opened.
  • The page with the secured link should be rendered correctly.

Additional context
One setting, which we also tried, was .*? - this would match as few characters as possible (lazy) - but then we could not open the secured file, we got an error "Hash invalid! Access denied!"
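
The over-matching described in this issue, reproduced as an added PHP example (not the extension's own code). It builds an expression in the shape of the tagPattern line quoted in the folderPattern issue on this page; the domain pattern, folder pattern and markup are constructed assumptions, and it covers only the HTML matching step, not hash validation.

```php
<?php
declare(strict_types=1);

// Added illustration, not the extension's code. The expression has the shape of
// the tagPattern line quoted in the folderPattern issue on this page; the
// domain pattern, folder pattern and markup below are constructed assumptions.
function buildTagPattern(string $fileExtensionPattern): string
{
    $domainPattern = 'https?:\/\/www\.example\.com'; // assumed site domain
    $folderPattern = 'fileadmin';                    // assumed securedDirs value

    return '/["\'](?:' . $domainPattern . ')?(\/?(?:' . $folderPattern . ')+?.*?(?:(?i)'
        . $fileExtensionPattern . '))["\']/i';
}

/** Returns what the pattern captures as the "file path" for each match. */
function capturedPaths(string $fileExtensionPattern, string $html): array
{
    if (preg_match_all(buildTagPattern($fileExtensionPattern), $html, $matches) === false) {
        throw new RuntimeException('Pattern failed: ' . preg_last_error_msg());
    }
    return $matches[1];
}

/** A captured path containing a quote has run past the end of its attribute. */
function overrunsAttribute(array $paths): bool
{
    foreach ($paths as $path) {
        if (strpbrk($path, '"\'') !== false) {
            return true;
        }
    }
    return false;
}

// Constructed sample markup: one protected link followed by other attributes.
$html = '<a href="/fileadmin/secure/report.pdf" class="download" title="Report">Report</a>';

// 'pdf'     : an explicit extension, captures only the href value
// '.*'      : greedy, backtracks to the LAST quote on the line
// '[^\'"]+' : the workaround from the issue, cannot cross a quote
foreach (['pdf', '.*', '[^\'"]+'] as $extensionPattern) {
    $paths = capturedPaths($extensionPattern, $html);
    printf(
        "%-8s overrun=%-3s %s\n",
        $extensionPattern,
        overrunsAttribute($paths) ? 'yes' : 'no',
        json_encode($paths, JSON_UNESCAPED_SLASHES)
    );
}
```

Running a candidate securedFiletypes value through a check like this before saving it shows whether the value can swallow neighbouring attributes in rendered markup.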

folderPattern does not allow selection of subfolders by name (feature request, solution included)

Currently only the specification of absolute folder paths is possible. I'd really like to be able to select subfolders by name, i.e. each folder called "locked" will be treated as secured folder.

This can be reached with a small change in HtmlParser.php:

// This line (118):
// $this->tagPattern = '/["\'](?:' . $this->domainPattern . ')?(\/?(?:' . $this->folderPattern . ')+?.*?(?:(?i)' . $this->fileExtensionPattern . '))["\']/i';
// has to get changed to:
$this->tagPattern   = '/["\'](?:' . $this->domainPattern . ')?(\/?.+(?:' . $this->folderPattern . ')+?.*?(?:(?i)' . $this->fileExtensionPattern . '))["\']/i';

So in the preferences "fileadmin" could be replaced by "locked" to make folders with that name secure.

It could then be used in combination with a corresponding Apache directive to secure those folders in general:

<DirectoryMatch "^/path-to-typo3/fileadmin/.+/locked/">
        Order deny,allow
        deny from all
</DirectoryMatch>

fileadmin/uploads links to other domains/sites

Describe the bug
From a site on domain1.com we link to a file in the fileadmin of a different site (which does not have secure_downloads) on domain2.com (for example https://domain2.com/fileadmin/file.pdf). The link is replaced with a "secure" link.

It looks like the problem is in Bitmotion\SecureDownloads\Parser\HtmlParser::__construct, line 87. If I understand the regexp in $this->tagPattern correctly, the domainPattern is optional, so any link which matches the folder and extension pattern, regardless of domain, will be replaced.

To Reproduce
Steps to reproduce the behavior:

  1. Create link on site on domain1.com to a file in fileadmin on domain2.com
  2. In the frontend you will see the link https://domain2.com/index.php?eID=tx_securedownloads&etc, which doesn't work.

Expected behavior
The link should not be altered

Additional context
TYPO3 version 9.5.10
secure_downloads version 3.0.0

Not working under HTTPS?

I installed secure_downloads on a dev server running under HTTP, to replace naw_securedl. When I installed the extension on the production site with the same settings, running under HTTPS, the links are not converted to secure links and are only the plain links.

https_enforcer is also installed.

Thank you

HTML parser too greedy

The extension successfully replaces download links with the secured one. Unfortunately it also replaces stuff inside class attributes and so on. I didn't dig deep into that, but see the screenshots that should explain that pretty well. I simply changed the link prefix option to "download-secure" instead of "download" in order to fix this.

BEFORE:
image

AFTER:
image

installation fails due to composer.json error

Installation of the extension under 7.6.10 fails with this error:

A non-empty PSR-4 prefix must end with a namespace separator.

the autoload part in composer.json looks wrong:

  "autoload": {
    "psr-4": {
      "Bitmotion\\SecureDownloads": "Classes"
    }
  }

"Download Traffic" as email report

Would be nice if this extension has the option to create a mail report (and/or download options for different file formats) of the download statistics. This can be integrated as a scheduler task for example.

Fatal error for apacheDelivery

Describe the bug
After enabling the apacheDelivery I receive a fatal error.

To Reproduce
Steps to reproduce the behavior:

  1. enable the apacheDelivery checkbox and save
  2. reload or open the frontend with a site which uses the secure_downloads plugin

Expected behavior
No fatal error, in the best case, a working delivery via apache2.

Additional context

<b>Fatal error</b>:  Uncaught Error: Call to a member function publishAccessRestrictionsForPath() on null in /[...]/typo3conf/ext/secure_downloads/Classes/Resource/Publishing/Apache2DeliveryProtectedResourcePublishingTarget.php:133
Stack trace:
#0 /[...]/typo3conf/ext/secure_downloads/Classes/Resource/Publishing/Apache2DeliveryProtectedResourcePublishingTarget.php(69): Bitmotion\SecureDownloads\Resource\Publishing\Apache2DeliveryProtectedResourcePublishingTarget-&gt;mirrorFile('/...', '/...')
#1 /[...]/typo3conf/ext/secure_downloads/Classes/Resource/Publishing/AbstractResourcePublishingTarget.php(84): Bitmotion\SecureDownloads\Resource\Publishing\Apache2DeliveryProtectedResourcePublishingTarget-&gt;publishResource(Object(TYPO3\CMS\Core\Resource\Folder))
#2 /[...]/typo3conf/ext/secure_downloads/Classes/Resource/Publishing/ResourcePublisher.php(63): Bitmotion\SecureDownloads\Resource\Publishing\AbstractResourcePublishingTar in <b>/[...]/typo3conf/ext/secure_downloads/Classes/Resource/Publishing/Apache2DeliveryProtectedResourcePublishingTarget.php</b> on line <b>133</b><br>

page id gets not written to database

Hi there,
the database has all downloads tracked, but the page id is not written.
so the log analysis by page doesn't show the downloads at all.
typo3 7.6.18
secure_downloads 2.0.5
best

No Backend Module?

Hi!
I'm using the extension in a TYPO3 9.5, but there's no Backend Module.
There's no option to activate it in the extension manager:

Zwischenablage01

Any Ideas?
Thanks!
Best,
Chris

File path should NOT be in the provided file link

First of all, thanks for all the work – I was very happy about finding this extension. But testing it left me quite puzzled when I saw that a file link provided by the extension reveals the actual file path. Yes, the link itself is only working for a logged in user … but you just have to remove everything from the URL between domain and file path and you can still get the file without being logged in. Or am I doing something wrong in using the extension?

A (probably) simple solution would be to use a file’s UID for the query parameter “file” and have the script get the “identifier” from the “sys_file” table.

Bigger downloads are not downloading fully

I have a site which lets users download files if they are logged in to the frontend system. The problem is, the small files - ~5Mb - are downloaded fully, however bigger files, which take up to ~250MB of space, cannot be downloaded (getting 1KB gibberish).

Deactivated secure_downloads and it is working fine.. I am not 100% sure if it is a bug, however I have not found any option to choose the maximum download size or anything similar, so feedback would be appreciated.

Recursive call to ResourcePublisher::publishResourceUri in cached Requests

TYPO3 8.7.0
PHP 7.0
Extension Version 2.0.4

Error comes up when page is rendered from cache. apacheDelivery is turned off by default.

In ResourcePublisher::getPublishingTarget GeneralUtility::makeInstance is called with the ResourcePublishers class name as argument. Since the DI setter of the publishingTarget property has ResourcePublishingTargetInterface annotated, the objectManager resolves the Interface name to the registered alias (PhpDeliveryProtectedResourcePublishingTarget), the GeneralUtility however gets the ResourcePublishers class and simply fetches it from the singleton storage.
This results in a recursive call to ResourcePublisher::publishResourceUri until the nesting level is reached (with xdebug installed) or the memory limit is exceeded.

The correct line would rather get an instance of the extbase ObjectManager which then fetches the correct implementation
Example line that works:
$this->publishingTarget = GeneralUtility::makeInstance(ObjectManager::class)->get(ResourcePublishingTargetInterface::class);

PHP Warning: Cannot modify header information - headers already sent

Describe the bug
Every file delivery through secure_downloads leads to an error log entry:

Core: Error handler (FE): PHP Warning: Cannot modify header information - headers already sent by (output started at /.../htdocs/public/typo3conf/ext/secure_downloads/Classes/Resource/FileDelivery.php:404) in /.../htdocs/public/typo3/sysext/core/Classes/Utility/HttpUtility.php line 117

In FileDelivery, the method sendHeader() is called before outputFile() in which the ob_flush() command triggers the sending of headers.
After outputFile(), exitScript() is called with HTTP 200 OK header, which leads to the mentioned PHP Warning.

To Reproduce
Steps to reproduce the behavior:

  • Request a resource secured by secure_downloads

Expected behavior
Prevent duplicated headers sent by ob_flush().

Environment (please complete the following information):

  • Extension Version: 4.0.0
  • TYPO3 Version: 9.5.10
  • Browser: chrome
  • Web Server: Apache 2.4
  • PHP Version: 7.2.25

Backend preview broken

Hello,

Configuration of Securedownload seems to be ok and assets are protected in the frontend.

However no image previews are available in some places of the backend and only broken/missing images are shown in file list or in the image tab when editing the content element.

The content element preview in the page module shows the images as expected below the text!

File list module outputs an empty img src attribute:
<img src="" title="_MG_0023.jpg" alt="" width="64" height="45">

While editing a content element (Text and image) just a root reference "/" is in the img src attribute.

When secure download is activated I catch lots of those messages:

Core: Error handler (FE): PHP Warning: Cannot modify header information - headers already sent by (output started at /complete/and/correct/path/typo3conf/ext/secure_downloads/Classes/Resource/FileDelivery.php:463) in /complete/and/correct/path/typo3/typo3_src-9.5.11/typo3/sysext/core/Classes/Utility/HttpUtility.php line 117

or

Core: Exception handler (WEB): Uncaught TYPO3 Exception: Call to a member function debug() on null | Error thrown in file /complete/and/correct/path/typo3conf/ext/secure_downloads/Classes/Parser/HtmlParser.php in line 129. Requested URL: https://oururl/subsegment

Any suggestions how to investigate on that?

Thank you

Lutz

Environment:

  • Extension Version: 4.0.0
  • TYPO3 Version: 9.5.11
  • Browser: many different versions
  • Web Server: Apache 2.4.10
  • PHP Version: 7.3.12

have secure download links - building them in a controller

I have an Extbase controller that creates some JSON for an Angular app. This JSON contains some download links for documents that should be protected. I build the links with typolink:

// Class name needs the namespace separator between Frontend and ContentObject
$cObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\ContentObject\\ContentObjectRenderer');
$conf = array(
    'parameter' => 't3://file?uid=' . 'nnn',
    // typolink option is spelled useCacheHash
    'useCacheHash' => false,
    'returnLast' => 'url',
    'forceAbsoluteUrl' => false
);
return $cObj->typolink_URL($conf);

But these links are not secured by the extension.

Is there a way to get secure download links making them in a controller?

BE module "Download Traffic" leads into "Uncaught TYPO3 Exception"

After clicking "Download Traffic" I get an uncaught TYPO3 Exception.

Steps to reproduce the behavior:

  1. Go to 'Download Traffic'
  2. See error: Oops, an error occurred! The argument type for parameter $filter of method Bitmotion\SecureDownloads\Controller\LogController->showAction() could not be detected.

Expected behavior
BE module should be usable without any error.

Environment (please complete the following information):

  • Extension Version: 3.0.2 also tested with downloads-release-3.x (4482eda)
  • TYPO3 Version: 8.7.29
  • PHP Version: 7.0.33

Additional context
Add any other context about the problem here.

Extension Icon in Resources missing

Describe the bug
The extension icon in Resources/Public/Icons/Extension.* is missing. it can be gif, png or svg - jpg probably too.

To Reproduce
Steps to reproduce the behavior:

  1. Use extension helhum/typo3-secure-web and bitmotion/typo3-secure-downloads in composer-mode.
  2. Go to 'Maintenance' -> 'Manage Language Packs'
  3. Choose any language, load translation files
  4. See error.

Expected behavior
The icon should be shown

Additional context
see also helhum/typo3-secure-web#8

config.absPathPrefix gets altered

Describe the bug
having a path configured with config.absPathPrefix, like this: /this/is/my/path/ the final slash is removed and the filepath in the URL looks like this: /this/is/my/pathindex.php?eID=tx_securedownloads&p=3&u=0&g=0&t=1545233103&hash=e6d30b44970b825848915ac96215cf38fa32f802&file=/fileadmin/_processed_/e/5/csm_xxx.png

To Reproduce
Steps to reproduce the behavior:

  1. Configure TYPO3 to reside in a subdirectory
  2. Enable secure_downloads
  3. Configure config.absPathPrefix according to the subdirectory
  4. See error

Expected behavior
The example URL should look like this: /this/is/my/path/index.php?eID=tx_securedownloads&p=3&u=0&g=0&t=1545233103&hash=e6d30b44970b825848915ac96215cf38fa32f802&file=/fileadmin/_processed_/e/5/csm_xxx.png
... so with slash after the path and before index.php

Desktop (please complete the following information):

  • OS: Win 10
  • Browser chrome, latest version 71.0.3578.98 (Official Build) (64-bit)
  • Version 3.0.0
  • TYPO3 9.5.3

Additional context
helhum/typo3-secure-web is used

Option to disable functionality for domains or pages

Is your feature request related to a problem? Please describe.
For newsletters like e.g. directmails, the secured file link should never expire.

Describe the solution you'd like
An option to disable the functionality for domains or pages.

Describe alternatives you've considered
Rewrite of the expired secure link to the file in the root htaccess file.

Deprecation logs entries

Deprecation log adds two new entries with 2.0.3

Changed showitem string of TCA table "tx_femanagerextended_domain_model_member" type "1" due to changed field "sys_language_uid".
Migrated TCA table "tx_securedownloads_domain_model_log" showitem field of type "1": Moved additional palette with name "1" as 3rd argument of field "hidden" to an own palette. The result of this part is: "hidden, --palette--;;1"

I had a look at the code for version 2.0.4 and the error is still there.
Line 29 of tx_securedownloads_domain_model_log.php should be:
'1' => array('showitem' => 'sys_language_uid, l10n_parent, l10n_diffsource, hidden,--palette--;;1, file_id, file_name, file_path, file_size, file_type, media_type, bytes_downloaded, protected, host, typo3_mode, user, page, tstamp, --div--;LLL:EXT:cms/locallang_ttc.xlf:tabs.access, starttime, endtime'),

Filter results in "Download Traffic" BE module leads into "Uncaught TYPO3 Exception"

After clicking "Download Traffic" and "Filter results" I get an uncaught TYPO3 Exception.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Download Traffic'
  2. Add filter. Example: Use "Filetype": "application/pdf"
  3. Click "Filter"
  4. See error: Exception while property mapping at property path "": Setter for property "feUserId" had no type hint or documentation in target object of type "Bitmotion\SecureDownloads\Domain\Model\Filter".

Expected behavior
BE module should be usable without any error.

Version
secure_downloads version 3.0.3-dev (git hash: a1c017c)

Second slash is added to filename in URL on second page load

Describe the bug

The filename in the URL is prepended by a slash on second page load (...b8e//downloads/...): download/19/2/3/1557843366/3145c1099506fa5245bd07b1b847ea682e0d5b8e//downloads/test.pdf

To Reproduce

  1. Install and enable secure_downloads
  2. Configure secure_downloads for folder "downloads" in web root (same problem in fileadmin)
  3. Clear frontend cache and reload page (expected behavior)
  4. Reload page again (see bug)

Expected behavior

On first page load the URL is rendered properly (...b8e/downloads/...): download/19/2/3/1557843366/3145c1099506fa5245bd07b1b847ea682e0d5b8e/downloads/test.pdf

Desktop (please complete the following information):

  • Version 3.0.0
  • TYPO3 9.5.6

Possible to download protected files

Describe the bug
I installed the extension and configured everything as described in the documentation. The links are generated as I would expect it, but no matter if I'm logged in with a FE user or not, I can still download every "protected" file without any issue via the generated links.

Is there anything else to do, that is not mentioned in the documentation?

To Reproduce

  • Install as described in the docs
  • Add files from a protected folder to a filelist plugin (or news or whatever allows to select files from fileadmin)

Expected behavior
I should not be able to download anything from my protected folders.

Environment (please complete the following information):

  • Extension Version: 4.0.0
  • TYPO3 Version: 9.5.13
  • Browser all
  • Web Server Apache 2.4
  • PHP Version: 7.2.25

TypeError

Describe the bug
Argument 4 passed to Bitmotion\SecureDownloads\Resource\FileDelivery::getHash() must be of the type integer, string given, called in /var/www/web/typo3conf/ext/secure_downloads/Classes/Resource/FileDelivery.php

To Reproduce
Steps to reproduce the behavior:

  1. Click on download link

Expected behavior
File is sent as download.

Additional context
TYPO3 9.5, PHP 7.2, Ubuntu, Composer

Argument 3 passed to Bitmotion\SecureDownloads\Resource\FileDelivery::getHash() must be of the type string, null given

Describe the bug
After calling a download link, I get this error:
Argument 3 passed to Bitmotion\SecureDownloads\Resource\FileDelivery::getHash() must be of the type string, null given

I fixed this bug with this code in line 111
$this->userGroups = GeneralUtility::_GP('g'); if ($this->userGroups === '' || is_null($this->userGroups)) { $this->userGroups = '0'; }

Environment (please complete the following information):

  • Extension Version: 3.0.2
  • TYPO3 Version: 8.7.30
  • PHP Version: 7.2.24

Backend: URLs are generated with escaped &, thus wrong parameters - at least in EXT:powermail backend module

Describe the bug
Backend modules using a typolink to a secure folder create a non-working escaped link

Expected behavior
With TYPO3 v7, in2code/powermail:4.4.0 and bitmotion/typo3-secure-downloads:2.0.6 I was able to have the powermail backend module generate links to a "secured" folder, thus instead of a local link fileadmin/securefolder/file.pdf I got e.g. /index.php?eID=tx_securedownloads&p=&u=0&g=0&t=1543425964&hash=4f009617f5a76ffc0d1f570b0a62c098a4e291c4&file=fileadmin/securefolder/file.pdf and it worked flawlessly.

Erroneous behaviour
With TYPO3 v8, in2code/powermail:7.0.0 and bitmotion/typo3-secure-downloads:3.0.0 I get escaped URLs like /index.php?eID=tx_securedownloads&amp;p=&amp;u=0&amp;g=0&amp;t=1543425964&amp;hash=4f009617f5a76ffc0d1f570b0a62c098a4e291c4&amp;file=fileadmin/securefolder/file.pdf which result in a hash mismatch exception as the hash is not found at all.

To Reproduce
Have a backend module which creates typolinks, have a file in a secured folder with working config for EXT:secure_downloads.

  1. Configure secure_downloads for a folder
  2. Configure powermail and have a form which uploads a file to above folder
  3. Submit Form in Frontend
  4. Start backend module of powermail, select Form entry, analyse/click link to uploaded file

I'm crossposting this to both extensions (at least for further reference even if this extension is not responsible), will update as soon as I find the exact reason.

*.tar.gz results in 'Hash invalid! Access denied!'

Describe the bug
*.tar.gz files result in Hash invalid! Access denied! until tar\.gz is added to basic.securedFiletypes additional to tar|gz

To Reproduce
Steps to reproduce the behavior:

  1. self-explaining I think .. :)

Expected behavior
It should be tested whether the extension is at the absolute end of the filename. Inside my .htaccess I am using the $ sign after the regex but I think that's not possible here since it seems to parse the HTML.

Support for <f:uri.image>

<f:image> can generate the correct code for secure images.
<f:uri.image> can't and generates the path to the file without going through secure_downloads.

Any chance this feature makes it into an upcoming release of secure_downloads?

readfile_chunked defect due to strict types

In readfile_chunked mode the FileDelivery crashes with error 500 because ini_get returns a string, which is passed into set_time_limit which expects an int.

I'm talking about method readFileFactional.

This mode of operation is not working at all because of this.

Open "Download Traffic" BE module leads into "Uncaught TYPO3 Exception"

After clicking "Download Traffic" I get an uncaught TYPO3 Exception.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Download Traffic'
  2. See error: There is no @var annotation for property "fileType" in class "Bitmotion\SecureDownloads\Domain\Model\Filter"

Expected behavior
BE module should be usable without any error.

Version
secure_downloads version 3.0.2

HTML Parser Pattern not flexible enough

I found that this HTML Parser Pattern '/((data-[a-z0-9]*)|(href|src|poster))=["\']{1}(.*)["\']{1}/siU'; does not suffice for:
a) tags with style="background-image: url(...)" and
b) tags with multiple matches per tag (e.g.: tag has data-xxx attribute and href).
Also the Parser is not loaded via GeneralUtility::makeInstance() but new.
Should it be an issue or is something intended there?

I do have an update to create a pull request from, for this issue.

Adding possibility of asynchronous download

Environment:
TYPO3 8.7.30
secure_downloads 2.0.5 (but also related to latest version - 4.0.0)

At the moment, downloading using secure_downloads is done as a synchronous action. It means the script is waiting for the browser to download the file completely.
This was achieved by using a combination of the ob_flush() and flush() methods in file secure_downloads/Classes/Resource/FileDelivery.php. This is also the case in the newest version (at the moment 4.0.0).
In the case of large files it can last 10, 20 or more seconds, and it means that one php-fpm child is busy for that time.
In one of our big projects we had issues when downloading files from the filelist in the TYPO3 backend. In the log files I could see multiple lines created by the download of one file, maybe because an editor clicks multiple times on the button to show (download) the file, or some other reason. And then we have, only for this action, multiple requests that last, let's say, 30 seconds.
It slows down the server and it also leads to server downtime.

I tested this behavior using xdebug breakpoints. Execution goes to the next line after the flush() method only after the file is completely downloaded.

Suggestions

  • Maybe removing ob_flush() and flush() from the code. Then it works asynchronously. The execution continues without waiting for the download to be finished. I have tested this.
  • Putting ob_flush() and flush() in if condition, e.g. log download if enabled in extension configuration.

Raise compatibility to TYPO3 9.5

Is your feature request related to a problem?
Yes, currently the extension is not marked as compatible to TYPO3-version 9.5, so it's unknown if it's running with that version.

Describe the solution you'd like
As soon as the extension is compatible with TYPO3 version 9.5, please raise the version-number.

Describe alternatives you've considered
Perhaps a compatibility extension?
Hacking respectively contributing if not too much work,

Using filter pagination reset existing filter settings

Describe the bug

To Reproduce
Steps to reproduce the behavior:

  1. Filter results: example: filter by "application type"
  2. Change page using the pagination feature

Expected behavior
Filter options should persist after changing page.

Check for proper web server access control

Is your feature request related to a problem? Please describe.
People tend to forget to configure proper webserver access control for protected storages

Describe the solution you'd like
Check for proper access control either on link generation or as a TCA hook and confront the user with a warning consisting of guidelines how to fix that for the used webserver.

Does this extension work together with crawler

I have problems indexing my PDFs but I don't see what the problem is. Do I have to dig deeper and deeper or is secure_downloads securing also against the crawler extension?

Thanks and have a nice week

How does the file pattern work?

Is your feature request related to a problem? Please describe.
I don't understand yet how the pattern in basic.securedFiletypes is working. I've had issues with adding an xlsm file type. Depending on the position in the piped string it worked or broke everything (invalid hash message). pdf|jpe?g|gif|png|odt|pptx?|docx?|xlsm|xlsx?|zip|rar|tgz|tar|gz seems to work now.

Describe the solution you'd like
Could you document a bit more what has to be observed for a working pattern?

Describe alternatives you've considered
When #43 is merged, I'll probably switch to that option.

"Webserver only" URL still accessible? Bug or feature?

secure_downloads 3.0.0
TYPO3 8.7.20

Hi Florian and others from bitmotion,

first of all thank you very much for publishing your extension!

I'm running a small website for a German project with "Ehrenamtlichen". The public part is about our project, plus a secured (FE login req.) part with confidential documents like address lists, schedules, etc. Securing these docs has been done with fal_securedownload.
We started with TYPO3 7.6, and as the site itself is pretty simple (KISS :-) ), it has been no big issue to upgrade as soon as new versions of TYPO3 have been available.
But now, for LTS 9, fal_securedownload is missing a sponsor, so I have looked for an alternative and found your secure_downloads.

At first, it seemed to me your extension didn't do anything (=links are keeping the same in FE, unchanged), and I didn't get any answer in the German TYPO3 mailing list: http://lists.typo3.org/pipermail/typo3-german/2018-November/122570.html

Now, reading the closed first issue #1 here, I've got a hint with "remote" and "public" storage.
I have now found out that:

  • Having set the storage's option "Is publicly available?" to FALSE, secure_downloads DOES NOT generate any links. Links stay at https://domain.tld/index.php?eID=dumpFile&...., accessible when not logged into FE, when e.g. shared by users, unwanted.
  • Having set the storage's option "Is publicly available?" to TRUE, secure_downloads generates the correct links https://domain.tld/test_secure_downloads/index.php?eID=tx_securedownloads&...&file=ordner1/any.pdf. The link produces an error when not logged into FE, fine.
  • BUT: Although storage's option "Is publicly available?" is set to TRUE, the "webserver only" URL, aside to TYPO3, like is still available, making all "securing" efforts completely meaningless. Tried with a storage with absolute path, knowing that TYPO3 will NOT handle them with a direct webserver URL, but TYPO3 immediately sets option to FALSE, because of the absolute path.

Is this a bug? Or a feature, not understood by me?
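
A check of the kind requested in "Check for proper web server access control", applied to the direct "webserver only" URLs described in the issue above. This is an added example, not code from the extension. It assumes the securedFiletypes pattern is matched against the whole file extension, ignoring case; the host, file paths and the `constructed_fetch` responses are constructed sample data.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import quote

# securedFiletypes value quoted in the "file pattern" issue on this page
SECURED_FILETYPES = "pdf|jpe?g|gif|png|odt|pptx?|docx?|xlsm|xlsx?|zip|rar|tgz|tar|gz"

def is_secured(path, pattern=SECURED_FILETYPES):
    # Assumption: the pattern must match the whole extension, ignoring case.
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    return re.fullmatch(f"(?:{pattern})", ext, re.IGNORECASE) is not None

def http_status(url):
    # Unauthenticated HEAD request. Redirects are followed, so a login page
    # answering 200 is reported too and needs a manual look.
    try:
        request = urllib.request.Request(url, method="HEAD")
        with urllib.request.urlopen(request, timeout=10) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code

def audit_direct_access(base_url, paths, fetch_status=http_status):
    """Return (url, status) for protected files the web server serves directly."""
    findings = []
    for path in paths:
        if not is_secured(path):
            continue  # file type is not meant to be protected
        url = base_url.rstrip("/") + "/" + quote(path)
        status = fetch_status(url)
        if 200 <= status < 300:  # delivered without any TYPO3 access check
            findings.append((url, status))
    return findings

# Constructed sample: only fileadmin/secure/ carries a web server deny rule.
SAMPLE_PATHS = [
    "fileadmin/ordner1/any.pdf",
    "fileadmin/ordner1/plan.xlsm",
    "fileadmin/secure/Adressliste.PDF",
    "fileadmin/ordner1/logo.svg",
]

def constructed_fetch(url):
    return 403 if "/secure/" in url else 200

if __name__ == "__main__":
    hits = audit_direct_access("https://www.example.com", SAMPLE_PATHS, constructed_fetch)
    for url, status in hits:
        print(f"DIRECTLY ACCESSIBLE ({status}): {url}")
```

Run against your own site, leave out the `fetch_status` argument so the real `http_status` is used; every URL it reports is a protected file type that the web server hands out without going through TYPO3.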

Backend module: Only "Overview" is working

In module "Download-Traffic" it is only possible to see something in "Overview" selection - "By page" is not working.
Also the select fields always went back to the first entry.

(TYPO3 7.6.13)


Do not force Content-Disposition Header

Is your feature request related to a problem? Please describe.
Our use case is to provide an image within a download area. There it is displayed inline using the extension, but also linked as a download using the HTML5 download attribute: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-download

Right now it's not possible to achieve that, as the extension is adding the Content-Disposition header depending on file extension. This way a file is forced to be displayed inline or forced to be downloaded. At least for Firefox, while Chromium prioritizes the HTML attribute higher.

Describe the solution you'd like
Explain what the reason behind setting the header is. If there is none, remove the need.
Maybe add a Fluid ViewHelper that allows defining an argument for whether to force download or not. This could be put into a hash in order to prevent manipulation, if the header is a security aspect.

Describe alternatives you've considered
I don't have any alternatives in mind; for now we patch the code for ourselves and remove the header.
