feat(schema): File download COMPASS-8704

[paula-stacho]

Description

Doing the file download with blob + createObjectUrl solution. Tested in electron and chrome. Including e2e

Checklist

• New tests and/or benchmarks are included
• Documentation is changed or added
• I have signed the MongoDB Contributor License Agreement (https://www.mongodb.com/legal/contributor-agreement)

Motivation and Context

• Bugfix
• New feature
• Dependency update
• Misc

Open Questions

Dependents

Types of changes

• Backport Needed
• Patch (non-breaking change which fixes an issue)
• Minor (non-breaking change which adds functionality)
• Major (fix or feature that would cause existing functionality to change)

[gribnoysup]

but I've run into some security issues with link.clicking programmatically.

I'm curious what was the case when it happened. Generally browsers allow for this if the click is triggered by another user action, so if this programmatic link clicking is triggered by a user button click for example, browsers should not prevent that

(I tried naively replacing the href with a button that creates a link and clicks it on click event and it seems to work both in local sandbox and when using browser extension to run this code in cloud)

[paula-stacho]

but I've run into some security issues with link.clicking programmatically.

I'm curious what was the case when it happened. Generally browsers allow for this if the click is triggered by another user action, so if this programmatic link clicking is triggered by a user button click for example, browsers should not prevent that

(I tried naively replacing the href with a button that creates a link and clicks it on click event and it seems to work both in local sandbox and when using browser extension to run this code in cloud)

Aaaah 🤦 So now I spent some more time on it and I think the issue was appending the temporary element to document.body. Appending it inside the modal appears to work (at least in electron). I don't hate the current solution though, so I'm thinking to keep it. It seems more semantic html-ish.

[gribnoysup]

So now I spent some more time on it and I think the issue was appending the temporary element to document.body

If you're doing this from inside the modal, the modal logic is probably conflicting with the click (either the focus trap or a pointer-events directive somewhere I'd assume). FWIW you don't need to add it in the DOM at all to click, you can just call the method on the element. Semantics are good, but I'd consider to think about what other things this affects: keeping blob in state in addition to the schema basically means we're keeping schema in memory two times, then you create the object URL and it makes it three times, I'm not sure how much it's worth it, especially as this is not a "real" URL anyway

[paula-stacho]

So now I spent some more time on it and I think the issue was appending the temporary element to document.body

If you're doing this from inside the modal, the modal logic is probably conflicting with the click (either the focus trap or a pointer-events directive somewhere I'd assume). FWIW you don't need to add it in the DOM at all to click, you can just call the method on the element. Semantics are good, but I'd consider to think about what other things this affects: keeping blob in state in addition to the schema basically means we're keeping schema in memory two times, then you create the object URL and it makes it three times, I'm not sure how much it's worth it, especially as this is not a "real" URL anyway

Okay, reverting to the temporary link solution, doing the cleanup wasn't too bad but you're right that the objects can get big and we shouldn't need to store two (the url itself is small so I'm not counting that)