> -----Original Message-----
> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
> Sent: Monday, June 03, 2013 3:39 PM
> To: 'Tomcat Users List'; 'verlag.preis...@t-online.de'
> Subject: RE: IE 8 and before refusing to download files (I hate IE)
> 
> > -----Original Message-----
> > From: verlag.preis...@t-online.de [mailto:verlag.preisser@t-
> online.de]
> > Sent: Monday, June 03, 2013 1:28 PM
> > To: Tomcat Users List
> > Subject: Re: IE 8 and before refusing to download files (I hate IE)
> >
> > Hi,
> >
> > -----Original-Nachricht-----
> > > Von: Jeffrey Janner <jeffrey.jan...@polydyne.com>
> > > An: 'Tomcat Users List' <users@tomcat.apache.org>
> >
> > > Ran into an interesting problem today.  It seems that IE8 and
> before
> > > no longer likes how we are sending BLOB files.
> > >
> > > Worked last week as far as we can tell.  Works fine for IE9+ and
> > other
> > > browsers, but IE8 is suddenly giving us an error message, as though
> > it
> > > is ignoring the response headers.
> > >
> > > I'm not going to completely rule out the possibility it is in our
> > code
> > > somewhere, but we haven't found it yet.  We did also upgrade out
> app
> > > over the weekend, but the problem didn't show up in our test
> > > environment (as far as we can tell).
> > >
> > > Here is the relevant code:
> > >
> > [...]
> > >
> > > Works great if the MimeType is text/html, but anything else
> > > generates an error.
> > >
> > > The getContent routine reads from the BLOB and copies it to the
> > > response output stream.
> > >
> > > None of this code has changed, and the access log shows a 200
> > response
> > > and the full number of bytes of the file.
> > >
> > > Anybody have any ideas?
> > >
> > > Server1 specs: Tomcat 6.0.33/Java 1.6.0_33/Windows 2003 SP2
> > > Server2 specs: Tomcat 6.0.36/Java 1.6.0_34/Windows 2008 R2/SP1
> >
> >
> > can you give an example of the actual HTTP response headers that are
> > sent to the client?
> >
> > I just tested that the following response works with IE8 on WinXP and
> > IE10 using its IE8-Mode on WIndows 8:
> >
> > HTTP/1.1 200 OK
> > Transfer-Encoding: chunked
> > Content-Type: application/x-zip-compressed
> > Server: Microsoft-IIS/7.5
> > Content-Disposition: attachment; filename=Portal.zip
> > Date: Mon, 03 Jun 2013 18:14:14 GMT
> >
> > [...]
> >
> > This is generated by a Servlet on Tomcat 7.0.40 that sets the
> Content-
> > Type and Content-Disposition headers and then writes bytes to the
> > respone's OutputStream (the response is served by IIS/7.5 using ISAPI
> > Redirector). For Content-Disposition, I'm using
> > javax.mail.internet.ContentDisposition which should automatically add
> > necessary escaping and quoting to the "filename:" part.
> >
> > I also tested with IE10's IE7-Mode that is used when activating
> > Compatibility View and no X-UA-Compatible header is present that
> tells
> > IE to use it's highest browser mode (like "X-UA-Compatible:
> IE=Edge").
> >
> > (As an aside, for my websites I don't support any IE below IE9... ;-)
> > However, I use the "X-UA-Compatible: IE=Edge" header to prevent IE to
> > use the compatibility mode, which can happen if Microsoft suddenly
> > decides to add your site to its "compatibility view list", or
> > sometimes if IE is embedded as ActiveX control etc...)
> >
> >
> > Regards,
> > Konstantin Preißer
> >
> 
> The error presented is "Internet Explorer cannot download from
> <servlet> from <host-url>.  Internet Explorer was unable to open this
> Internet site. The request site is either unavailable for cannot be
> found. Please try again later."
> 
> But figured it just now.
> I had removed the line
>   <Valve className="org.apache.catalina.authenticator.SSLAuthenticator"
>         securePagesWithPragma="false" /> from my context files as it
> wasn't supposed to be needed, since we don't do SSL Authentication for
> logins.
> However, apparently it is setting something in the response header that
> matters as a side effect of being there.
> Now I just need to find out what so I can duplicate it with a filter.
> 
> Jeff
> 

For those who might be interested, here are the two header sets returned:

Without SSLAuthenticator:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Wed, 31 Dec 1969 18:00:00 CST
Content-Disposition: attachment; 
filename=SITE_VIEW_COST_SAVING_PART_NUMBER_%26QUOT%3BQUOTES_IN_PROJ_SV%26QUOT%3B_20130603.xls;
Content-Type: application/vnd.ms-excel
Transfer-Encoding: chunked
Date: Mon, 03 Jun 2013 22:34:41 GMT

With SSLAuthenticator:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Wed, 31 Dec 1969 18:00:00 CST
Content-Disposition: attachment; 
filename=SITE_VIEW_COST_SAVING_PART_NUMBER_%26QUOT%3BQUOTES_IN_PROJ_SV%26QUOT%3B_20130603.xls;
Content-Type: application/vnd.ms-excel
Transfer-Encoding: chunked
Date: Mon, 03 Jun 2013 22:29:41 GMT

Note the only real difference is the addition of a Pragma header.  Apparently, 
this is giving IE8 and earlier fits.
Anybody know how to disable the Pragma being added without using the 
SSLAuthenticator Valve?  Or remove it?

Jeff

Reply via email to