Can't open attachments on the forum [downloading is disabled; use Insert Image for images]
For some reason, when I click an attachment thumbnail on a forum post, it does not open the attachment. I tried in Safari, Firefox, and Chrome. Tried clearing my cache. Nothing works. Perhaps it's a permissions issue?
Comments
-
I noticed this yesterday too, when it worked for me previously.
0 -
Hi guys,
We've disabled downloading forum attachments for members for now. Since .zip files can be uploaded, this allows users to upload their Diagnostics Report directly to the forum, which we want them to email and not display publicly. By disabling attachment downloads, nobody but Administrators will be able to view the Diagnostics Report ZIP file.
At the moment, I'm not sure if this restriction will be permanent. We are looking at getting .zip files blacklisted, so users simply won't be able to attach them. If we're able to get that done, we may revisit the member permissions for downloading attachments.
With that said, there is a workaround to view full size images:
- Open the thumbnail image in its own window so you can view the URL.
- Remove the
/thumbnails
part of the URL to view the full size. - For example:
- Change this:
https://us.v-cdn.net/5020219/uploads/thumbnails/FileUpload/64/3365f6f7633268e397b83cdd161266.png
- To this:
https://us.v-cdn.net/5020219/uploads/FileUpload/64/3365f6f7633268e397b83cdd161266.png
- Change this:
Also, when attaching an image to your post, you can use the Insert Image option to add an
<img>
tag so the full size image will be displayed inline:Please let us know if you have any other questions! :)
0 -
So you're making life awkward for the majority because a minority can't follow simple instructions? Does that about summarise it?
0 -
Hi @RichardPayne,
I'm sorry for any inconvenience this restriction on downloading of attachments causes, especially with full size image viewing. Being able to attach files directly on the forum is a relatively recent change, primarily intended for making it easier for more people to include screenshots with their posts than remotely hosting them (even when using the Insert Image option that @JasperP described).
Limiting uploading/downloading to image file types is one way we might adjust attachment handling. Reenabling support for downloading of non-image file types is most unlikely to happen. We appreciate any feedback you have about this.
0 -
Thanks for clearing that up. Sounds like a good decision to help keep people from unintentionally exposing sensitive information.
0 -
Thanks for understanding why we made the change, @ethansisson.
If someone unintentionally uploads sensitive information we hope they prefer and feel better knowing that it's not going to be downloadable, even if it means some minor loss of convenience for now. Mistakes happen. :)
0 -
You know what they about security through obscurity. :/
0 -
@RichardPayne, this is not a case of "security through obscurity" which, if I am correctly understanding your insinuation, wouldn't be helpful or wise. We agree. It never is. Rather we're making the ZIP files completely unavailable to non-admins — not simply obscured to them.
As @ethansisson mentioned, this is so that we don't end up giving folks rope with which to hang themselves.
The file attachments were not supported at all until pretty recently, so I hope that having a minor, temporary workaround for now is still an improvement over not having them at all. As @JasperP mentioned, we're looking at better solutions. Thanks for letting us know you will appreciate one when it becomes available. :)
Linking to images which are externally hosted is still completely supported as it always has been. Before we enabled attachment uploads it was the only way to have an image in a post. With the plethora of free image hosting services on the Internet, it's still the easiest and fastest method for me to attach images. (If you're interested, I use Skitch and have for years. I use our own CDN, but they offer free hosting of their own.)
0 -
Oh, so the workaround listed above doesn't work for zips?
Combined with this:If someone unintentionally uploads sensitive information we hope they prefer and feel better knowing that it's not going to be casually downloadable
The reference to "casually downloadable" made me think it was just making it more obscure.
0 -
Hi @RichardPayne,
Oh, so the workaround listed above doesn't work for zips?
That's correct.
The reference to "casually downloadable" made me think it was just making it more obscure.
It wasn't my intention to give anyone that impression so I've removed "casually" from my previous reply. Thanks for bringing that to my attention.
0 -
The workaround above requires access to the thumbnail URL. There is no thumbnail for ZIP files. Currently, ZIP files are not downloadable at all by non-admins, and this means that even someone who was not trying to do anything wrong can't causally download them thinking it was something important for them to see. :)
0