Using stream results with content-disposition: attachment; filename="whatever"
in HTTPS and IE does not work
------------------------------------------------------------------------------------------------------------
Key: WW-3481
URL: https://issues.apache.org/jira/browse/WW-3481
Project: Struts 2
Issue Type: Bug
Components: "New" API, Documentation
Affects Versions: 2.1.8.1
Reporter: Andy Chapman
I have a page which allows the download of files. I implement some complex
security around this so I use a stream result from an action to return the
resulting file. It works beautifully in Firefox, Chrome, Opera etc but in IE
(I'm using version 8 but I think it affects other versions as well) it gives an
error - "Internet Explorer cannot download <whatever> from <wherever>. Internet
explorer was not able to open this Internet Site. The request is either
unavailable or cannot be found. Please try again later."
This is apparently to do with the Cache-Control: no-cache being incorrectly
implemented in IE since version 6 (i.e. all current versions). As I understand
it, IE deletes the file before it can be saved.
The solution in the documentation at
http://struts.apache.org/2.1.8.1/docs/stream-result.html points to
http://struts.apache.org/2.1.8.1/docs/https-and-ie-issues.html which is very
out of date (I don't think interceptors work that way any more) and even when
adapted to version 2.1.8.1 (my feeble effort below) doesn't work because I
can't change the allowCaching parameter at run time (it needs to be true for IE
downloads and false for everything else).
It would be really good to:
1) Make the allowCaching parameter of the StreamResult class take a stack
parameter and OGNL expression (like the other parameters)
2) Include the workaround for IE misbehaviour in the StreamResult class
doExecute method
Cheers
-----------------------
public class HTTPRequestCachePrivateInterceptor implements Interceptor
{
public void destroy() {}
public void init() {}
public String intercept(ActionInvocation invocation) throws Exception
{
HttpServletRequest request =
(HttpServletRequest)invocation.getInvocationContext().get(ServletActionContext.HTTP_REQUEST);
HttpServletResponse response = (HttpServletResponse)
invocation.getInvocationContext().get(ServletActionContext.HTTP_RESPONSE);
if (request!=null && response!=null) {
if (request.isSecure()) {
String userAgent =
request.getHeader("User-Agent");
if (userAgent!=null) {
if (userAgent.indexOf("MSIE")>=0) {
response.setHeader("Cache-Control", "private, no-transform, must-revalidate,
max-age=5");
}
}
}
}
return invocation.invoke();
}
}
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
