#117 — Can't download files with IE / SSL / CacheFu combo
| State | Resolved |
|---|---|
| Version: | 1.1 |
| Area | Functionality |
| Issue type | Bug |
| Severity | Medium |
| Submitted by | (anonymous) |
| Submitted on | Dec 13, 2007 |
| Responsible | Ricardo Newbery |
| Target release: | 1.1.2 |
Last modified on
Jan 08, 2009
by
Matthew Wilkes
If a user tries to download an uploaded file or document and:
* The user is using IE (6 or 7)
* The site is being served on a Linux server over SSL (with either ProxyUser or RewriteRules)
* CacheFu is on
...then the user gets an error from IE:
"Internet Explorer cannot download file from <site.com>"
"Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
The file can be downloaded with no problem if any ONE of the following is done:
* If the user uses Firefox
* If the site is redirected through either the default port 8080 or through vanilla port 80
* If CacheFu is turned off
This sounds like an unlikely confluence of events, but it's actually very common:
* I can't tell my user base not to use IE
* I need to serve the site over SSL, because Plone usernames and passwords are sent in cleartext
* I need CacheFu to get Plone to acceptable levels
* My users need to be able to upload and download documents for collaboration.
This was found in Plone 3.0.3.
* The user is using IE (6 or 7)
* The site is being served on a Linux server over SSL (with either ProxyUser or RewriteRules)
* CacheFu is on
...then the user gets an error from IE:
"Internet Explorer cannot download file from <site.com>"
"Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
The file can be downloaded with no problem if any ONE of the following is done:
* If the user uses Firefox
* If the site is redirected through either the default port 8080 or through vanilla port 80
* If CacheFu is turned off
This sounds like an unlikely confluence of events, but it's actually very common:
* I can't tell my user base not to use IE
* I need to serve the site over SSL, because Plone usernames and passwords are sent in cleartext
* I need CacheFu to get Plone to acceptable levels
* My users need to be able to upload and download documents for collaboration.
This was found in Plone 3.0.3.
- Steps to reproduce:
- STEPS:
* Upload a file to a Plone site
* Make sure CacheFu is turned on
* Make sure site is being served over SSL (https)
* Using Internet Explorer, click on the uploaded file.
RESULT:
"Internet Explorer cannot download file from <site.com>"
"Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
EXPECTED:
The file should download.
Added by
Reinout van Rees
on
Dec 13, 2007 08:52 PM
I saw a somewhat similar problem on a client site once. In the end, the problem was 'no-cache' header + ie + https. IE, when using https, barfs on a 'no-cache' header. If you google for it you'll probably find something. Most regard it as an IE bug.
Target release:
1.1.2
→
None
Responsible manager:
newbery
→
(UNASSIGNED)
The workaround, if I remember correct, is to remove the 'no-cache' header. I also thought it only was a problem for certain file downloads.
So: google a bit and then tweak a bit to see if this is the problem.
Added by
(anonymous)
on
Dec 13, 2007 09:57 PM
What are the caching implications of deleting the no-cache header, if any?
Added by
Reinout van Rees
on
Dec 13, 2007 10:18 PM
I got an email from the bug submitter that removing the 'no-cache' header solved it.
I don't know the exact results of removing that header. It basically tells not to cache the content. The same can be achieved by setting the expiration date to 1998 or so. You'll have to test.
Regarding cachefu: perhaps we ought to add a warning to the description of the no-cache checkbox: don't use this for https websites in combination with IE?
Added by
Ricardo Newbery
on
Apr 21, 2008 08:13 AM
Fixed in svn. Removed no-cache from the default policies and added a warning about IE and HTTPS. http://dev.plone.org/collective/changeset/63177
Issue state:
unconfirmed
→
resolved
Target release:
None
→
1.1.2
Responsible manager:
(UNASSIGNED)
→
newbery
Note that 'no-cache' doesn't really *mean* do not cache -- it means enforce a revalidate on every request, which is supposed to override any local heuristics that may otherwise allow stale content to be served. We can communicate the same thing with a max-age=0 and a must-revalidate.
Add response
If you can, please log in before submitting a reaction.
