Content-Disposition over HTTPS

I had to do a bit of research on this, but think I have it resolved.
If you have ever tried to deliver a dynamically generated file in realtime over SSL, you've seen this problem. Not something everyone deals with, but I know I had a lot of trouble finding a solution so I thought I'd give it a quick write up.

This is apparently a bug in IE since IE 4.0, and as of yet still not patched.

Anyways – here’s an MS article documenting the problem, Clicky

Basically delivering dynamically generate files in real time over HTTPS and with IE as a client ends up delivering a message to the user about downloading the entire URL that is generating the file

The article didn’t solve my problem, but some further reading led me to find out the following solution:

Solution

When delivering a dynamic file over HTTPS, using

content-disposition … attachment; filename=….

Be sure to use
Cache-Control: max-age=0
Instead of
Cache-Control: no-cache

Plain and simple, but not so well known.

Posts

Latest Advice (5) API (2) ASP.NET (11) Blogging (2) Browsers (5) Classic ASP (1) Design (1) Ecommerce (3) GDI+ (7) Handy Stuff (4) IIS (1) Misc (8) Money (8) Opinion (8) Side Projects (1) Swish (12) VBS (3)

Stores

Books Software Video Games Plasma TVs LCD TVs DVD Players Tivo & DVR HDTVs MP3 Players Camcorders Cameras Cell Phones Desktops Laptops USB Flash Drives Hard Drives

LATEST POSTS

Viewstate bad developer, bad. Animation != Application Frame-based illiteration engulfs world. Developers worldwide cry. Handy ASP.NET Routines Bullshit Talks But money wont shut the hell up. PostBackUrl Equals Change the Friggin' Form Action .

ADS

MOST POPULAR

Multiple IEs in Windows Firefox Vs. The World Who Is Xperya? ActionScript Form Fields Quick Watermark IE 7 beta 2 standalone