
File URL "Not allowed to load local resource" in the Internet Browser

I've got a major brainteaser.

I want to open a file in classic ASP. I'm using various variables because things can change but the outcome is correct. I know this because I've tested the outcome by copying the link address and placing it in my URL. Now the problem: If I click my link it doesn't do anything. Not a refresh, not a redirect. Nothing. Does anyone know what I did wrong?

Ok here's the deal. My file isn't always local, it depends on what environment I'm on. If I copy-paste the outcome of my url it does download. If I click my URL it doesn't respond. Any ideas? Browser problem? (although I've tested 5 browsers) Or anything else? I'm really stuck here and the internet does not seem to be on my side.

I've got 3 environments. The variables underneath here are so that the link works. I know the link works because I've tested it by copying. And yes, it does begin with file:/// and yes I'm sure the link is right.

Here's my line of code:

response.write("<td class='tab_kolom2'><a href='"&rootRs("pre_rootpad")&rootRs("rootpad_protocollen")&"\"&overzichtRs("Formuliernr")&"\Uitvoeringsoverzicht.xls' target='_blank' download>Click here</a></td>") 

EDIT: Screenshot with error/outcome of link

Benny Niemeijer asked Jan 20 '16 13:01


2 Answers

Now we know what the actual error is, we can formulate an answer.

Not allowed to load local resource

is a Security exception built into Chrome and other modern browsers. The wording may be different but in some way shape or form they all have security exceptions in place to deal with this scenario.

In the past you could override certain settings or apply certain flags such as

 --disable-web-security --allow-file-access-from-files --allow-file-access 

in Chrome (See https://stackoverflow.com/a/22027002/692942)

It's there for a reason

At this point though it's worth pointing out that these security exceptions exist for good reason and trying to circumvent them isn't the best idea.

There is another way

As you have access to Classic ASP already you could always build an intermediary page that serves the network based files. You do this using a combination of the ADODB.Stream object and the Response.BinaryWrite() method. Doing this ensures your network file locations are never exposed to the client and due to the flexibility of the script it can be used to load resources from multiple locations and multiple file types.

Here is a basic example ("getfile.asp"):

<%
Option Explicit

'ADODB StreamTypeEnum value, declared here so Option Explicit does not
'reject it. See "Useful Links" for importing it via METADATA instead.
Const adTypeBinary = 1

Dim s, id, bin, file, filename, mime

id = Request.QueryString("id")

'id can be anything, just use it as a key to identify the
'file to return. It could be a simple Case statement like this
'or even pulled from a database.
Select Case id
Case "TESTFILE1"
  'The file, mime and filename can be built up any way, they don't
  'have to be hard coded.
  file = "\\server\share\Projecten\Protocollen\346\Uitvoeringsoverzicht.xls"
  mime = "application/vnd.ms-excel"
  'Filename you want to display when downloading the resource.
  filename = "Uitvoeringsoverzicht.xls"
'Assuming other files, add further Case branches here.
'An id that matches no branch leaves file empty and returns a 404 below.
End Select

If Len(file & "") > 0 Then
  Set s = Server.CreateObject("ADODB.Stream")
  s.Type = adTypeBinary 'adTypeBinary = 1 See "Useful Links"
  Call s.Open()
  Call s.LoadFromFile(file)
  bin = s.Read()

  'Clean-up the stream and free memory
  Call s.Close()
  Set s = Nothing

  'Set content type header based on mime variable
  Response.ContentType = mime
  'Control how the content is returned using the
  'Content-Disposition HTTP Header. Using "attachment" forces the resource
  'to prompt the client to download while "inline" allows the resource to
  'download and display in the client (useful for returning images
  'as the "src" of a <img> tag).
  Call Response.AddHeader("Content-Disposition", "attachment;filename=" & filename)
  Call Response.BinaryWrite(bin)
Else
  'Return a 404 if there's no file.
  Response.Status = "404 Not Found"
End If
%>

This example is pseudo coded and as such is untested.

This script can then be used in <a> like this to return the resource;

<a href="/getfile.asp?id=TESTFILE1">Click Here</a> 

You could take this approach further and consider (especially for larger files) reading the file in chunks using Response.IsConnected to check whether the client is still there and s.EOS property to check for the end of the stream while the chunks are being read. You could also add to the querystring parameters to set whether you want the file to return in-line or prompt to be downloaded.


Useful Links

  • Using METADATA to Import DLL Constants - If you are having trouble getting adTypeBinary to be recognised, always better than just hard coding 1.

  • Content-Disposition: What are the differences between “inline” and “attachment”? - Useful information about how Content-Disposition behaves on the client.

user692942 answered Sep 19 '22 22:09
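The chunked variant suggested at the end of the answer above could look like the following. This is an added example, not code from the answer's author: the "disp" query-string parameter and the 64 KB chunk size are assumptions, and the id and path are reused from the answer's getfile.asp.

```asp
<%
Option Explicit

'Added example: chunked variant of getfile.asp. The "disp" parameter
'name and CHUNK_SIZE are assumptions made for illustration.
Const adTypeBinary = 1
Const CHUNK_SIZE = 65536   'bytes written per Response.BinaryWrite

Dim s, id, file, filename, mime, disposition

id = Request.QueryString("id")

'Allowlist: the client only ever supplies a key, never a path.
Select Case id
Case "TESTFILE1"
  file = "\\server\share\Projecten\Protocollen\346\Uitvoeringsoverzicht.xls"
  mime = "application/vnd.ms-excel"
  filename = "Uitvoeringsoverzicht.xls"
End Select

'Only "inline" is honoured; any other value falls back to attachment,
'so the client cannot inject text into the header.
If LCase(Request.QueryString("disp") & "") = "inline" Then
  disposition = "inline"
Else
  disposition = "attachment"
End If

If Len(file & "") > 0 Then
  Set s = Server.CreateObject("ADODB.Stream")
  s.Type = adTypeBinary
  Call s.Open()
  Call s.LoadFromFile(file)

  Response.Buffer = True   'Response.Flush requires buffering to be on
  Response.ContentType = mime
  Call Response.AddHeader("Content-Disposition", disposition & ";filename=" & filename)

  'Stop as soon as the stream ends or the client has gone away.
  Do While Not s.EOS And Response.IsConnected
    Call Response.BinaryWrite(s.Read(CHUNK_SIZE))
    Call Response.Flush()
  Loop
  Call s.Close()
  Set s = Nothing
Else
  Response.Status = "404 Not Found"
End If
%>
```

Because both the file path and the disposition come from fixed server-side values, nothing in the query string reaches the file system or the response headers unchecked.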


For people who do not like to modify Chrome's security options, we can simply start a Python HTTP server from the directory which contains your local file:

python -m SimpleHTTPServer 

and for Python 3:

python3 -m http.server 

Now you can reach any local file directly from your JS code or externally with http://127.0.0.1:8000/some_file.txt

alioguzhan answered Sep 20 '22 22:09