Client Data Transfer

The security.dataTransfer node controls files crossing the browser boundary — uploads from the user's device into the session and downloads from the session back to the device — and the maximum file size for each.

Editor Client Data Transfer accordion  ·  JSON security.dataTransfer

What these flags gate

These toggles govern transfer across the browser boundary: the file-transfer panel, file dialogs and the HTTP file APIs. They do not gate in-panel browsing of server-side locations or server-side file operations, and they are separate from print PDF delivery (which is controlled by Printing). Whether a user can reach a given location at all is set by the file-system trust level; data transfer governs whether bytes may cross to or from the device.

Properties

PropertyTypeDefaultMin / maxUnits / notes
clientUploadEnabledbooleantrueAllow uploading files from the user's device into the session.
clientDownloadEnabledbooleantrueAllow downloading files from the session to the user's device.
maxFileSizeBytesinteger1048576001 – 1,073,741,824bytes; default 100 MB. The editor presents this in MB and converts.

Print PDF size lives here too

The editor surfaces security.printing.maxOutputSizeBytes (the print PDF delivery cap) within this same accordion as an optional "Max PDF size" field. Leaving it empty makes the print cap fall back to maxFileSizeBytes. See Printing.

Sample

"dataTransfer": {
  "clientUploadEnabled": false,
  "clientDownloadEnabled": false,
  "maxFileSizeBytes": 104857600
}
Note

New custom policies default both upload and download to false (locked down). The fulltrust built-in enables both. There is no app.config.xml equivalent for these flags — they are policy-only.