#117 — Can't download files with IE / SSL / CacheFu combo
| State | Resolved |
|---|---|
| Version: | 1.1 |
| Area | Functionality |
| Issue type | Bug |
| Severity | Medium |
| Submitted by | (anonymous) |
| Submitted on | Dec 13, 2007 |
| Responsible | Ricardo Newbery |
| Target release: | 1.1.2 |
Last modified on
Mar 05, 2009
by
Ricardo Newbery
If a user tries to download an uploaded file or document and:
* The user is using IE (6 or 7)
* The site is being served on a Linux server over SSL (with either ProxyUser or RewriteRules)
* CacheFu is on
...then the user gets an error from IE:
"Internet Explorer cannot download file from <site.com>"
"Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
The file can be downloaded with no problem if any ONE of the following is done:
* If the user uses Firefox
* If the site is redirected through either the default port 8080 or through vanilla port 80
* If CacheFu is turned off
This sounds like an unlikely confluence of events, but it's actually very common:
* I can't tell my user base not to use IE
* I need to serve the site over SSL, because Plone usernames and passwords are sent in cleartext
* I need CacheFu to get Plone to acceptable levels
* My users need to be able to upload and download documents for collaboration.
This was found in Plone 3.0.3.
* The user is using IE (6 or 7)
* The site is being served on a Linux server over SSL (with either ProxyUser or RewriteRules)
* CacheFu is on
...then the user gets an error from IE:
"Internet Explorer cannot download file from <site.com>"
"Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
The file can be downloaded with no problem if any ONE of the following is done:
* If the user uses Firefox
* If the site is redirected through either the default port 8080 or through vanilla port 80
* If CacheFu is turned off
This sounds like an unlikely confluence of events, but it's actually very common:
* I can't tell my user base not to use IE
* I need to serve the site over SSL, because Plone usernames and passwords are sent in cleartext
* I need CacheFu to get Plone to acceptable levels
* My users need to be able to upload and download documents for collaboration.
This was found in Plone 3.0.3.
- Steps to reproduce:
- STEPS:
* Upload a file to a Plone site
* Make sure CacheFu is turned on
* Make sure site is being served over SSL (https)
* Using Internet Explorer, click on the uploaded file.
RESULT:
"Internet Explorer cannot download file from <site.com>"
"Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
EXPECTED:
The file should download.
Added byReinout van ReesonDec 13, 2007 08:52 PM
I saw a somewhat similar problem on a client site once. In the end, the problem was 'no-cache' header + ie + https. IE, when using https, barfs on a 'no-cache' header. If you google for it you'll probably find something. Most regard it as an IE bug.
Target release:
1.1.2
→
None
Responsible manager:
newbery
→
(UNASSIGNED)
The workaround, if I remember correct, is to remove the 'no-cache' header. I also thought it only was a problem for certain file downloads.
So: google a bit and then tweak a bit to see if this is the problem.
Added by(anonymous)onDec 13, 2007 09:57 PM
What are the caching implications of deleting the no-cache header, if any?
Added byReinout van ReesonDec 13, 2007 10:18 PM
I got an email from the bug submitter that removing the 'no-cache' header solved it.
I don't know the exact results of removing that header. It basically tells not to cache the content. The same can be achieved by setting the expiration date to 1998 or so. You'll have to test.
Regarding cachefu: perhaps we ought to add a warning to the description of the no-cache checkbox: don't use this for https websites in combination with IE?
Added byRicardo NewberyonApr 21, 2008 08:13 AM
Fixed in svn. Removed no-cache from the default policies and added a warning about IE and HTTPS. http://dev.plone.org/collective/changeset/63177Issue state:
unconfirmed
→
resolved
Target release:
None
→
1.1.2
Responsible manager:
(UNASSIGNED)
→
newbery
Note that 'no-cache' doesn't really *mean* do not cache -- it means enforce a revalidate on every request, which is supposed to override any local heuristics that may otherwise allow stale content to be served. We can communicate the same thing with a max-age=0 and a must-revalidate.
Added by(anonymous)onMar 05, 2009 02:48 PM
I still cannot download the file even though I removed no-cache header. In previous version, I could download the file even though it had no-cache header. Is there any other cause?
Added byRicardo NewberyonMar 05, 2009 03:28 PM
First, I don't know if this is the same issue as you are experiencing. But assuming it is, this is a confirmed IE bug with the way it processes HTTPS-downloaded files with either the 'no-cache' or 'no-store'. Some reports suggest that this bug may have been fixed in recent IE releases but I haven't confirmed this.
I don't know what you mean by "in previous version"... previous version of what?
No responses can be added.
If you can, please log in before submitting a reaction.