labs.insert-title.com

Content-Disposition over HTTPS

I had to do a bit of research on this, but think I have it resolved.
If you have ever tried to deliver a dynamically generated file in realtime over SSL, you've seen this problem. Not something everyone deals with, but I know I had a lot of trouble finding a solution so I thought I'd give it a quick write up.

This is apparently a bug in IE since IE 4.0, and as of yet still not patched.

Anyways – here’s an MS article documenting the problem, Clicky

Basically delivering dynamically generate files in real time over HTTPS and with IE as a client ends up delivering a message to the user about downloading the entire URL that is generating the file

The article didn’t solve my problem, but some further reading led me to find out the following solution:

Solution

When delivering a dynamic file over HTTPS, using

content-disposition … attachment; filename=….

Be sure to use
Cache-Control: max-age=0
Instead of
Cache-Control: no-cache

Plain and simple, but not so well known.






Discussion

muad

thanks, works great, saved me hours of work

New comments are currently disabled, you can find me @joemaddalone Comments temporarily disabled for now, you can find me @joemaddalone