File download

OpenFin gives application providers a security-first approach to seamlessly download files from within applications. Some of OpenFin’s APIs (such as launchExternalProcess()) offer greater access to the system than typical Web APIs, and our file download support has been designed with that in mind. This model ensures downloadable files are originating from known, trusted locations and reduces the risk of any content being downloaded that is not considered safe. It also reduces the number of steps an end-user performs to display the content.

Application providers can create streamlined workflows for their end-user, such as the following:

  • Download and launch files with a single click
  • Download and save files to a predefined location

OpenFin provides application developers with the necessary tools to do things like following:

  • Set download locations via an API call
  • Determine rules for where files can be sourced
  • Determine rules for specific file types

Downloading files in your application

Implementing file download workflows in your application requires you add the following to the manifest:

  • Declare your use of secured APIs. Desktop owners might still block your application from using these APIs; refer to API security for details.
  • Define locations to download from, allowed file types, and whether to prompt the user when downloading.

Secured APIs

The secured APIs you might want to use for file download workflows include the following:

Defining how to handle file downloads

The following manifest properties are used to manage the file download experience:

  • defaultDomainSettings is the object that contains the file download rules. It can appear as an option for startup_app or platform, as appropriate to the application.
  • rules is an array of rule definition objects, each consisting of match, and options or behavior members.
  • match is an array of match patterns. Depending on where and how it is used, it can defines URLs of domains that files can be downloaded from or file types that can be downloaded. Wildcards for subdomains are supported. You can also use <all_urls> to match all URLs.
  • options contains downloadSettings, which in turn contains a rules object defining file types to match, and behavior for matched file types.
  • behavior defines whether the end-user should be prompted with a Save As dialog from the operating system. Possible values are:
    • prompt: The default. A user is shown the default download dialog box from the operating system.
    • no-prompt: The file is downloaded automatically, without user intervention.

Download configuration example

In the following example subsets of a manifest, for all subdomains of example.com, PNG and JPEG files are downloaded without prompting the user.

{  "platform" :{
    "defaultDomainSettings": {
      "rules": [
        {
          "match": [
            "*/*.example.com"
          ],
          "options": {
            "downloadSettings": {
              "rules": [
                {
                  "match": [
                    "*://*/*.png", "*://*/*.jpg"
                  ],
                  "behavior": "no-prompt"
                }
              ]
            }
          }
        }
      ]
    }
  }
}
{  "startup_app" :{
    "defaultDomainSettings": {
      "rules": [
        {
          "match": [
            "*/*.example.com"
          ],
          "options": {
            "downloadSettings": {
              "rules": [
                {
                  "match": [
                    "*://*/*.png", "*://*/*.jpg"
                  ],
                  "behavior": "no-prompt"
                }
              ]
            }
          }
        }
      ]
    }
  }
}