WebDAV files opening in readonly mode in office 2013 - webdav

WebDAV .docx files are opening in read-only mode in office 2013. Issue is with chrome + office 2013 combination. Everything working fine in chrome + office 2010 combination.
There are no issue in IE + Office 2010/2013. Below are the WebDAV method request order in IE and Chrome.
Chrome
options
get
post
post
post
post
head
propfind
get
head
post
post
IE
options
get
post
post
post
post
head
options
lock
get
propfind
head
post
post
unlock

Related

After recent system updates, can no longer download files in IE 11

Sometime in the last few weeks, MS pushed out IE 11 updates on Windows 10 which I believe may be interfering with the ability to download Excel and PDF files inside an iframe in my ASP.NET web application.
This issue applies only to certain versions of IE 11 (my machine is on 11.192.16299.0) on Windows 10. It has not been reported to with other Windows versions. Machines operating with certain older versions of IE 11 apparently do not experience the issue.
My application has an iframe, in which my own content can be loaded. After loading a page into the iframe and attempting a file download within that iframe, it appears to the user that nothing happens. Inspecting the console, I notice the following two warnings, which have been present in the application for quite some time:
SEC7131: Security of a sandboxed iframe is potentially compromised by allowing script and same origin access.
DOM7011: The code on this page disabled back and forward caching. For more information, see: http://go.microsoft.com/fwlink/?LinkID=291337
Inspecting network traffic, I can see the file request go out, and a response come back. The response has the following headers:
Cache-Control: no-cache, no-store
Content-Disposition: attachment; filename=doc.pdf
Content-Length: 97542
Content-Type: application/pdf
Date: Thu, 25 Jan 2018 18:27:37 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
X-UA-Compatible: IE=Edge
This appears to be a normal request to me. Cache-Control is properly set to no-cache, as the document contents are dynamically generated.
And finally, here is the code in my codebehind that initiates the file download for a PDF:
Public Sub DownloadPdf() Handles Pdf.Click
Dim pdf As Byte() = GetPdf()
With Response
.Clear()
.ClearHeaders()
With .Cache
.SetCacheability(HttpCacheability.NoCache)
.SetNoStore()
.SetExpires(Date.UtcNow.AddHours(-1))
.SetMaxAge(New TimeSpan(0, 0, 30))
End With
.ContentType = "application/pdf"
.AddHeader("Content-Disposition", "attachment; filename=doc.pdf")
.AddHeader("Content-Length", pdf.Length.ToString)
.BinaryWrite(pdf)
.Flush()
.End()
End With
End Sub
The Excel download code is quite similar. It is fair to assume GetPdf() is working properly, as the PDF generates and downloads in other browsers (Edge, Chrome, Firefox).
I have inspected IE settings for the Internet and Local intranet security zones, and the configuration appears to be normal. File downloads are allowed, plugins are allowed to run (or require prompt in some cases). I even attempted to loosen security settings across the board to determine what may be causing my issue, but I had no luck. In the dev console, I set the debugger to break on all exceptions, but no exception is being thrown during the file download process.
I can view PDFs from other websites and download files, but it seems that most of the test sites I found are serving static content. On the other hand, my files are created on the fly and the download process seems to function a bit differently.
Are there any apparent issues with my setup? Were there any security or settings changes that accompanied recent MS updates that could be interfering with my application? I appreciate any and all help with this. Thanks for looking.
In certain Windows 10 builds (confirmed for 1703 and 1709), IE security settings were changed to prevent sandboxed iframe file downloads. There is no settings change or workaround I discovered that can resolve this other than removing sandboxing from the iframe.

Office 365 web apps in iframe inside aspx page

Well am trying to open a word document from office 365 inside my aspx page.
The url is included in an iframe,however the page keeps throwing an error message "This content cannot be displayed in a frame".
example code:
<iframe width="700" height="700" src='https://mysite.sharepoint.com/_layouts/15/WopiFrame.aspx?sourcedoc={13438738-FBFF-4F32-A680-4BF6D47F7682}&action=default'></iframe>
I have tried the following but with no luck:
Add <WebPartPages:AllowFraming runat="server" /> to SharePoint master page
Allow external iframes in HTML Field Security in office 365 site settings.
Add the office 365 SharePoint to trusted sites in internet explorer and enabling display mixed content
Add IHttpModule to my asp.net web application to adding headers for the X-Frame-Options HttpContext.Current.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
Deploying Ventigrate.Shared.PermissiveXFrameHeader feature on the office 365 SharePoint site
The thing is I have added
Ignore X-frame headers extension
to my google chrome and I was able to open the word document in google chrome only.
Also if I have change the action inside the url from default to interactivepreview the page will open in IE.
Nevertheless there is no extension for IE,but if there is a solution in google chrome that means there is a possibility to make it work for IE.
Any help would be highly appreciated.

Fiddler says reponse is gzip encoded , IE dev tool does not say so

Im working on a web application to be hosted internally and accessed by ~150 people. Because of the nature of the business, lof of images move between browser and the server. I want to ensure that other content like text is compressed. I think I have made the necessary setting on the IIS 7.5 server.
Now when I request a page and check the response headers with the fiddler2 tool, it says "Transport
Content-Encoding:gzip.
And I also see a message "Response is encoded and may need to be decoded before inspection. Click here to transform"
However when I see the response headers using IE developer tools, network tab, there is no mention of gzip encoding.
So my question is : Is my content really compressed as fiddler2 says or is it not compressed like IE tools show.
As always all help/guidance is greatly appreciated.

HTTP 400 'Request Header too long' error when accessing ASP.NEt application

Our website is an ASP.net 4.0 webforms website using AjaxControlToolkit. It was online in the last week without a problem but since today one of our clients is receiving an 'HTTP Error 400. The size of the request headers is too long' when accessing the site from Firefox. It works in IE. Looking at the logs I see requests with really long junk attached after the URL:
...Statistics.aspx?_TSM_HiddenField_=ctl00_scriptManager_HiddenField&_TSM_CombinedScripts_=;;AjaxControlToolkit,+Version=4.1.51116.0,+Culture=neutral,+PublicKeyToken=28f01b0e84b6d53e:de-DE:fd384f95-1b49-47cf-9b47-2fa2a921a36a:475a4ef5:effe2a26:8e94f951:1d3ed089:addc6819:
5546a2b:d2e10b12:37e2e5c9:5a682656:c7029a2:e9e598a9
The URL should simply be .../Statistics.aspx.
I have found the problem: there were too many cookies on the site. Removing them solved the issue.
The problem had nothing to do with AjaxControlToolkit. Sorry for misleading the community with irrelevant details.
Edit:
I personally have cleaned the cookies using the Firecookie plugin for Firebug in Firefox but you can clean your cookies by pressing Ctrl+Shift+Del and selecting 'Cookies'.

HTML5 audio with a HTTP 302 redirect in Chrome

I am trying to write an HTML 5 based last.fm player using the popular jPlayer jQuery plugin (http://jplayer.org).
The player works fine in Firefox. However I ran into a problem:
From the last.fm API (http://last.fm/api) I get a playlist with urls to the files. When requesting one of these, last.fm does a HTTP 302 redirect from play.last.fm to something like "http://s03.last.fm/someurl/128.mp3".
It looks like there is some same origin policy for html 5 tags, because jPlayer is unable to play the file in Chrome and Chromium. If jPlayer uses the flash solution (using "flash, html" instead of "html, flash"), everything works fine.
I installed the extra codecs on my Ubuntu and mp3 playback works nicely for the jPlayer demos.
HEAD requests are not supported by the streaming servers. I already tried to do a normal GET request and then tried to get the "Location" header of the xmlhttprequest, but it fails with a security error.
You can find the sources of my (proof of concept) project at https://github.com/tburny/html5-lastfm-player
Is there any hint/solution to this problem?
i had a similar problem but only on android browser. there are lots of gotchas. the key question is if either the original url which gives 302 and the end one is https? if so it'll fail.
check out this test suite http://areweplayingyet.org/

Resources