X-Download-Options
The X-Download-Options HTTP header has only one option: X-Download-Options: noopen. This is for Internet Explorer from version 8 on to instruct the browser not to open a download directly in the browser but instead to provide only the Save option. The user has to first save it and then open it in an application.
Usage
This header is enabled by default but you can change its behavior like following.
export default defineNuxtConfig({
// Global
security: {
headers: {
xDownloadOptions: <OPTIONS>,
},
},
// Per route
routeRules: {
'/custom-route': {
security: {
headers: {
xDownloadOptions: <OPTIONS>,
},
},
}
}
})
You can also disable this header by xDownloadOptions: false
.
Default value
By default, Nuxt Security will set the following value for this header.
X-Download-Options: noopen
Available values
The xDownloadOptions
header can be configured with following values.
xDownloadOptions: 'noopen' | false;
noopen
When this directive is used, the user can still save and open the file, but this way the malicious code will be prevented from running on our website. Though it will run on the user’s file system.