Browser behaviour on a 403 response with a Content-Disposition: attachment header

If a client requests a file download for which the logged-in user does not have permission, the server should not set the Content-Disposition: attachment header. If the header is set and the server returns a 403 (Forbidden) status code, the client shows a confusing "file not found" message.
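One way to order the server-side logic so the download header is only ever attached to a successful response, as an added example that is not code from the original page. The WSGI app, the FILES table, the user names and the X-Demo-User header (a stand-in for a real session) are all constructed for illustration.

```python
# Added example: the file table, users and X-Demo-User header are constructed.
from wsgiref.util import setup_testing_defaults

# Constructed sample data: file name -> (user allowed to download, content)
FILES = {"report.pdf": ("alice", b"%PDF-1.4 constructed sample bytes")}

def _plain(start_response, status, message):
    """Error responses: plain text body and no Content-Disposition header."""
    body = message.encode("utf-8")
    start_response(status, [
        ("Content-Type", "text/plain; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ])
    return [body]

def download_app(environ, start_response):
    """Serve /<name> as an attachment only after the permission check passes."""
    name = environ.get("PATH_INFO", "/").lstrip("/")
    user = environ.get("HTTP_X_DEMO_USER", "")  # assumption: stand-in for a session
    entry = FILES.get(name)
    if entry is None:
        return _plain(start_response, "404 Not Found", "No such file.")
    owner, content = entry
    if user != owner:
        # Decide authorization before any download header is written, so the
        # browser renders this message instead of trying to save a file.
        return _plain(start_response, "403 Forbidden",
                      "You do not have permission to download this file.")
    # Success path only: name is a known FILES key, so it is safe to echo.
    start_response("200 OK", [
        ("Content-Type", "application/pdf"),
        ("Content-Disposition", f'attachment; filename="{name}"'),
        ("Content-Length", str(len(content))),
    ])
    return [content]

def call(path, user):
    """Invoke the app in-process and return (status, headers dict, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    environ["HTTP_X_DEMO_USER"] = user
    captured = {}
    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)
    body = b"".join(download_app(environ, start_response))
    return captured["status"], captured["headers"], body
```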
