Untrusted downloads

%3CLINGO-SUB%20id%3D%22lingo-sub-1471645%22%20slang%3D%22en-US%22%3EUntrusted%20downloads%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1471645%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20I%20download%20an%20Excel%20file%20with%20from%20an%20internal%20web%20server%20(AD-joined%20devices)%20the%20file%20is%20marked%20as%20unsafe%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22stesch79_0-1592414262718.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F199290i93949B14FE1CD7C4%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22stesch79_0-1592414262718.png%22%20alt%3D%22stesch79_0-1592414262718.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20I%20do%20the%20same%20in%20IE11%20or%20Edge%20Legacy%2C%20the%20file%20is%20not%20marked%20as%20unsafe.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20the%20file%20is%20marked%20as%20unsafe%2C%20the%20user%20gets%20the%20yellow%20bar%20saying%20enable%20to%20edit.%20This%20is%20a%20real%20impediment%20within%20our%20environment.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22stesch79_1-1592414543065.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F199291i6961385557CC18ED%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22stesch79_1-1592414543065.png%22%20alt%3D%22stesch79_1-1592414543065.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20IE11%20and%20Edge%20Legacy%20%22Trusted%22%20websites%20were%20configured%20within%20the%20Zones.%20How%20are%20websites%20%22trusted%22%20in%20Edge%20Chromium%20in%20regards%20to%20downloads%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESmartScreen%20is%20disabled%20by%20GPO.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20not%20found%20any%20hint%20within%20the%20documentation.%20Any%20ideas%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1471645%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDownload%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDownloads%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1473835%22%20slang%3D%22en-US%22%3ERe%3A%20Untrusted%20downloads%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1473835%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20to%20precise%3A%20If%20the%20file%20is%20downloaded%20the%20classic%20way%20(a%20href)%20it%20works.%20But%20if%20the%20file%20is%20generated%20via%20JavaScript%20(BLOB%2C%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fourcodeworld.com%2Farticles%2Fread%2F189%2Fhow-to-create-a-file-and-generate-a-download-with-javascript-in-the-browser-without-a-server%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fourcodeworld.com%2Farticles%2Fread%2F189%2Fhow-to-create-a-file-and-generate-a-download-with-javascript-in-the-browser-without-a-server%3C%2FA%3E)%20it%20is%20marked%20as%20unsafe.%26nbsp%3B%20This%20happens%20even%20with%20a%20simple%20text%20file.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Frequent Contributor

When I download an Excel file with from an internal web server (AD-joined devices) the file is marked as unsafe:

stesch79_0-1592414262718.png

 

When I do the same in IE11 or Edge Legacy, the file is not marked as unsafe. 

 

If the file is marked as unsafe, the user gets the yellow bar saying enable to edit. This is a real impediment within our environment. 

stesch79_1-1592414543065.png

 

In IE11 and Edge Legacy "Trusted" websites were configured within the Zones. How are websites "trusted" in Edge Chromium in regards to downloads?

 

SmartScreen is disabled by GPO.

 

I have not found any hint within the documentation. Any ideas?

 

1 Reply
Highlighted

Just to precise: If the file is downloaded the classic way (a href) it works. But if the file is generated via JavaScript (BLOB, see https://ourcodeworld.com/articles/read/189/how-to-create-a-file-and-generate-a-download-with-javascr...) it is marked as unsafe.  This happens even with a simple text file.