#569 closed defect (fixed)
MSIE cannot download files
| Reported by: | makub | Owned by: | pferreir |
|---|---|---|---|
| Priority: | normal | Milestone: | v0.97.0 |
| Component: | General | Version: | 0.97.0 |
| Keywords: | Cc: |
Description
Microsoft Internet Explorer (tested with version 8) cannot download MS-Word .doc files from URLs like
/indico/getFile.py/access?contribId=0&resId=0&materialId=paper&confId=192
I have tracked the problem down, it is caused by the combination of the HTTP headers
Cache-Control: no-store, no-cache, must-revalidate Content-Disposition: inline; filename="aaa.doc"
If Content-Disposition is removed, it works. If Cache-Control contains just must-revalidate, it works. If Cache-control contains either no-store or no-cache, and Content-Disposition is present, it fails.
It can be reproduced with a simple shell CGI script which makes MSIE to fail:
#!/bin/bash echo "Pragma: no-cache" echo "Cache-Control: no-store, no-cache, must-revalidate" echo "Content-Length: 5" echo 'Content-Disposition: inline; filename="doc2.doc"' echo 'Content-Type: application/msword' echo echo AAAA
In Firefox and Chrome it works.
Change History (9)
comment:1 Changed 5 years ago by makub
comment:2 follow-up: ↓ 3 Changed 5 years ago by pferreir
What do you mean by "cannot download"? Is there a browser error?
Once again, this assumes that Indico supports HTTPS after authentication, which is wrong.
I will link from #446 to here, though, as we should take this into account.
comment:3 in reply to: ↑ 2 Changed 5 years ago by makub
Replying to pferreir:
What do you mean by "cannot download"? Is there a browser error?
Yes, MSIE displays an error window saying something (in my Czech Windows XP) that the Internet server cannot be contacted.
The problem affects also PDF files, for which no error is displayed, MSIE just quietly does nothing.
I did not test more file types, but I guess that the difference in behavior between PDF and DOC files is caused by the difference that PDF files are displayed using a browser plugin, while DOC files are treated by external application.
Once again, this assumes that Indico supports HTTPS after authentication, which is wrong.
I will link from #446 to here, though, as we should take this into account.
I understand that Indico was not meant for all-SSL connections. However this time the fix is easy, just moving the line in base.py generating the Pragma header to the 'else' branch of the 'if' that detects MSIE.
comment:4 Changed 5 years ago by pferreir
IE seems to have a lot of problems with caching directives. We need caching directives because if at any time the protection level of a specific file is changed we want the effect to be immediate on the user side.
I understand that Indico was not meant for all-SSL connections. However this time the fix is easy, just moving the line in base.py generating the Pragma header to the 'else' branch of the 'if' that detects MSIE.
Yes, you are right. Let's integrate this patch.
Thanks!
comment:5 Changed 5 years ago by pferreir
- Owner set to pferreir
- Status changed from new to assigned
comment:6 Changed 5 years ago by pferreir
- Status changed from assigned to in_work
comment:7 Changed 5 years ago by pferreir
- Status changed from in_work to in_merge
comment:8 Changed 5 years ago by Pedro Ferreira <jose.pedro.ferreira@…>
- Resolution set to fixed
- Status changed from in_merge to closed
I have found that the code in webinterface/rh/base.py detects MSIE and sends different headers, so the issue I hava described was already found.
However I have tracked it down again with the headers send to MSIE, and the problem is caused by the combination of using SSL and the header
Pragma: no-cache
If using non-SSL or removing Pragma it works.