I know this is an old issue, but my research hasn't turned up anything useful so here goes... I'm trying to display a link that the user clicks on to download documents to their computer without them being rendered in the browser. In my case, these documents are the MSOffice variety and PDFs. The browsers all have viewers for these file types. (Like I said, I know this issue has been beat to death, but bear with me, some of this is FYI and might be useful). Is anyone successfully providing this functionality? If so, what is your server setup and what clients has it been verified on? Which technique are you using - Fake URLs, content-disposition, other? Here is the info from my testing over the last few hours: Step 1: Fake URLs I tried a link like this (the trailing slash was required for some server setups): <a href="download.cfm/somefile.pdf/">download file</a> And download.cfm contains the following one line of code: <cfcontent type="application/octet-stream" file="d:\somefile.pdf" deletefile="no"> This works great (save as box pops up and default filename is somefile.pdf) on all systems except one of my development boxes which (intentionally) doesn't have the latest security patches from Microsoft. (browser is IE5.5 SP1) nt4/iis4/sp5 - works - processes download.cfm (as expected) nt4/iis4/sp6a - fails - file not found (as expected) nt4/iis4/sp6a (with MS01-26 security patch) - works (?) win2k/iis5/sp2 - works (?) >From what I gather, one of the updates in the cumulative MS01-26 patch from MS fixes the "problem". I realize that some argue this shouldn't have worked anyway, but a lot of us had come to use it for custom query string formats as well as forcing downloads with the correct filename. Is it reasonable to expect this behavior to be broken again in future releases of Win2k service packs or should I actually consider using this technique (controlled intranet environment)? I know that many others using this technique for search engine friendly URLs, but it seems like you'll always be at the mercy of Microsoft "accidentally" breaking this "feature" in future service packs or updates. Step 2: Use CFHEADER So I decided to try to get it to work without the trickery of the "fake" URL. This led to using cfheader with content-disposition as follows: <cfheader name="Content-Disposition" value="attachment; filename=somefile.pdf"> <cfcontent type="application/octet-stream" file="d:\somefile.pdf" deletefile="no"> This works as expected in IE5. I don't know about IE4 or other browsers, but IE4 "supposedly" didn't support the content-disposition http header. IE5.5 is another story. This does pop up the "save as" box, but it will save the HTML from the referring HTML page. After hours of hair pulling and searching through old messages, I finally found that it is an IE5.5SP1 bug - see Microsoft KB Q281119 (http://support.microsoft.com/support/kb/articles/Q281/1/19.ASP). Their is no publicly available patch - you have to contact Microsoft for it. Does anyone know why this is or actually obtained the fix for their clients running IE5.5SP1? In looking at Dave Watt's demo at http://www.figleaf.com/demo/mimetest/, I was able to successfully download the .csv file with the same IE5.5SP1 browser. BUT, he is using Content-Disposition: inline. If I change to "inline" instead of "attachment", the pdf file is displayed in the browser (as expected, but not desired). I can only surmise that the .csv file doesn't have a built-in viewer in my IE5.5SP1 so it prompts with the "save as" box even though the Content-Disposition is set to "inline". I do have Excel installed and .xls files are displayed in the browser when using "inline". Still not sure why this is. Any thoughts? Is it reasonable to expect this functionality to be fixed or broken in future releases/updates to IE? If so, this technique is also not reliable. Should I go back to Step 1 and use fake URLs? Thanks for bearing with this long post. Jackson Moore [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/[email protected]/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
