Client Data Transfer
The security.dataTransfer node controls files crossing the browser boundary — uploads from the user's device into the session and downloads from the session back to the device — and the maximum file size for each.
security.dataTransferWhat these flags gate
These toggles govern transfer across the browser boundary: the file-transfer panel, file dialogs and the HTTP file APIs. They do not gate in-panel browsing of server-side locations or server-side file operations, and they are separate from print PDF delivery (which is controlled by Printing). Whether a user can reach a given location at all is set by the file-system trust level; data transfer governs whether bytes may cross to or from the device.
Properties
| Property | Type | Default | Min / max | Units / notes |
|---|---|---|---|---|
clientUploadEnabled | boolean | true | — | Allow uploading files from the user's device into the session. |
clientDownloadEnabled | boolean | true | — | Allow downloading files from the session to the user's device. |
maxFileSizeBytes | integer | 104857600 | 1 – 1,073,741,824 | bytes; default 100 MB. The editor presents this in MB and converts. |
Print PDF size lives here too
The editor surfaces security.printing.maxOutputSizeBytes (the print PDF delivery cap) within this same accordion as an optional "Max PDF size" field. Leaving it empty makes the print cap fall back to maxFileSizeBytes. See Printing.
Sample
"dataTransfer": {
"clientUploadEnabled": false,
"clientDownloadEnabled": false,
"maxFileSizeBytes": 104857600
}
New custom policies default both upload and download to false (locked down). The fulltrust built-in enables both. There is no app.config.xml equivalent for these flags — they are policy-only.