I do not like the fact that I’m forced to download attached pictures from tickets.
I changed the html code to open the attachment in a new browser tab:
original:
<a class="attachment attachment--preview" href="api/v1/ticket_attachment/295/426/589?disposition=attachment" data-type="attachment" download="">
changed code:
<a class="attachment attachment--preview" href="api/v1/ticket_attachment/295/426/589" data-type="attachment" target="_blank">
How difficult is it to implement this?
Downloading attachments is mandatory and on propuse.
It’s to ensure the users safety (and that your local anti virus does a good scan before opening).
Just beside Cross-Site-Scripting reasons and stuff.
Ok, I understand this. But what if only verified users can use zammad from “verified” machines in our internal network… all machines are secured by a antivirus and the network by an powerfull firewall.
I don’t see a risk here and zammad should focus on functionality or?
Don’t get me wrong… zammad is a great but from an admin perspective I need to tell my users, that there is not even an option for me to enable something like this. And I’m not the first one here asking for something like that.
So I like the idea of “default security”, but I think it would be great if the admins could decide weather or not they want to set up zammad.
Everytime a user asks this question I’m providing the same answer as well. 
This is, at the moment, out of our scope, sorry.
You can use Firefox which allows you to open files automatically if needed. This can be set automatically as far as I’m aware. It still downlaods the file, but does it temporary and should address your use case in my opinion.
I’m sorry. I just noticed, that there IS a inbuilt preview available by clicking on the little picture. I always clicked on the picture text and the browser asked for downloading the picture. 
No worries, it’s only available for pictures though.
I suspected you’re talking about attachments in general.
By the way, this should also work for inline images 
This topic was automatically closed after 416 days. New replies are no longer allowed.