I desperately need help with this one. I have a classic ASP website in IIS 5, where I need to stream pdf to users. I am using ADODB.Stream to generate chunks of binary data and using response.BinaryWrite to stream it to client. Now problem is that there is a known feature in IE which sets the Response CacheControl header to "no-cache" by default for SSL (https) sites. Hence I am getting the standard error:
"Internet Explorer cannot download File.doc from ServerName.
Internet Explorer was not able to open this Internet Site. The requested site is either unavailable or cannot be found. Please try again later."
I have set Response.CacheControl = "private,must-revalidate,max-age=3600" before streaming, but it still give the error.
Note: The same code works perfectly in all other browsers like firefox and netscape.I am using LiveHttpHeaders in firefox to see that Response.CacheControl is automatically set correctly in firefox. Unfortunately i cannot install Fiddler on my machine, but i am guessing problem is due to IIS default header CacheControl = "no-cache" for https
I have unchecked the "Do not save encrypted pages to disk" option in IE.
I need a way around this since the option has to be made available very soon to users over the internet with existing technology :(
Start here: http://blogs.msdn.com/ieinternals/archive/2009/10/02/Internet-Explorer-cannot-download-over-HTTPS-when-no-cache.aspx to see a fuller discussion of this issue. It's quite likely that you're sending one or more headers that forbid caching.
The statement...
there is a known feature in IE which
sets the Response CacheControl header
to "no-cache" by default for SSL
(https) sites
... is incorrect. Did you mean to say "IIS"? Which version? I've never heard of such a feature.
I don't know why you can't use Fiddler on the machine in question?
maybe this could help:
Link
I solved a similar problem checking "enable content expiration" on the http headers tab of the iis management console.
You might be able to get away with dropping support for Internet Explorer 5.5 as it has less than .5% of the market. It so low they stopped tracking it on in jun 08'
Related
In my webpage, I have a download button will write excel to response and it work previously. But I got a problem today that browser on client (tested IE and Chrome) cannot download exported excel from ASP.net webforms suddenly without changing code and software install.
When I test in Chrome, console show that Resource interpreted as Document but transferred with MIME type application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.
I used the notepad to open the downloaded excel and the content become the my web html page.
I tried to login server and use the browser in server, the file can be download normally with correct content.
I have tried to copy the web folder to another server and iis setup, it show same behavior that the downloaded excel become html content of my page on client browser but work in server browser.
May I have any idea how to troubleshoot on this case please?
Thanks
Are you facing this issue on a domain/managed network? If yes, are you the administrator of the network? If that's not the case, please give these suggestions a try:
If you’re using an antivirus or firewall software, make sure Chrome
is trusted or allowed by these programs. You can also try
temporarily disabling your antivirus or firewall to see if this
resolves the issue.
Just to make sure we eliminate malware from the
scenario, please follow the steps from this help article.
Try resetting the Chrome browser to see if that helps.
Also, creating a new user profile on your Chrome can be helpful.
If the issue persists, download and run Chrome Canary. It is the
cutting edge developer version of Chrome that can be installed
alongside Stable Chrome. It's possible the problem won't exist on a
future version.
refrence article
Im working on a web application to be hosted internally and accessed by ~150 people. Because of the nature of the business, lof of images move between browser and the server. I want to ensure that other content like text is compressed. I think I have made the necessary setting on the IIS 7.5 server.
Now when I request a page and check the response headers with the fiddler2 tool, it says "Transport
Content-Encoding:gzip.
And I also see a message "Response is encoded and may need to be decoded before inspection. Click here to transform"
However when I see the response headers using IE developer tools, network tab, there is no mention of gzip encoding.
So my question is : Is my content really compressed as fiddler2 says or is it not compressed like IE tools show.
As always all help/guidance is greatly appreciated.
I thought I have somehow found a solution to the very vexing problem with Firefox and CDN-hosted fonts access, but here comes IE9.
I recently found a very frustrating issue with IE9 caching problem, and chanced upon this blog post (IE9 Redirect Caching Nightmare) which enlightened me more about the actual issue.
I have to admit that I'm not sure whether the above mentioned is actually the issue, but it seems close enough.
Problem:
I have a website set up with 2 domains(base domain and subdomain) pointing to the same server, serving the exact same website which is using a same set of resources from a CDN hosted on Amazon S3, served by Cloudfront.
https://example.com
https://www.example.com
I get these kind of error messages in my IE9 developer tools console when loading fonts from my CSS file using #font-face:
CSS3117: #font-face failed cross-origin request. Resource access is restricted.
This happens when I loaded either of the URL first, then visiting the other second. IE9 is not running in Compatibility Mode. It running is in Document Mode: IE9 Standards.
From my limited understanding of the CORS and the need to set Access-Control-Allow-Origin HTTP header, I have dutifully set it up in S3 CORS policy, and it works perfectly fine with Firefox.
Requests from both domains, will get their respective header when requesting the CDN resource.
It seems that IE9 tried to do some optimization with caching, and cached the redirect too.
This causes a problem as the Access-Control-Allow-Origin header is cached as well. Without sending a request to the CDN server, the Access-Control-Allow-Origin header cannot change for different domains.
So I'm left with a situation where the request is from https://www.example.com and yet the Access-Control-Allow-Origin is https://example.com. This leads to the restricted resource problem with the error message above.
Further look: I did a check with Firefox 19, the above situation actually occurs, but it does not encounter the same strict restriction as IE9. Subdomain (https://www.example.com) requesting information will accept the access-control-allow-origin of the main domain(https://example.com). Chrome (Webkit) doesn't seem to care. I'm at a loss about which browser's behaviour implementation is correct.
With my current settings in the CDN, it seems like Chrome and Firefox, automatically reroutes allwww subdomain requests to the main domain. Only upon multiple attempts of inputing the www subdomain in the address bar, then will Chrome and Firefox obey. IE9 on the other hand, just goes to whichever address is typed in the address bar. IE9 seems to be the odd one out here, but I'm not sure which browser's behaviour is actually correct.
From a usability standpoint, Chrome and Firefox seems to be the "correct" behaviour.
Known Possible Solutions:
Set Access-Control-Allow-Origin header to allow all, i.e. *
Turn off caching in the browser
Redirect one domain to the other
Use query string to differentiate different domain calls for resource
Embed the font into the CSS as data-uri
For solution 1, let's just say I'm paranoid that I just want to set specific domains to allow.
For solution 2, is not optimal if I were to set it for all browsers, also my site has to run on mobile devices with usually less-than-desirable download speeds.
For solution 3, possible, but I'm still curious for solution to deal directly with the IE9 caching issue.
For solution 4, it is very hard to implement especially when the resource is called from #font-face. Does it mean that I'll have to dynamically re-generate the CSS for different domain calls for the different line just to load a font to bypass the issue? Seems to defeat the purpose of CSS itself, and caching resources for that matter.
edit: Stylesheet works, font-loading doesn't.
For Solution 5, it is tedious for maintenance and updating, especially when there are changes to the font files periodically.
Question: Are there any known ways to deal specifically with IE9's redirect caching behaviour in this particular case?
Answers and comments are very much appreciated. Thanks in advance!
Edit: More browser test information.
Solution 1:
Check this question.
Solution 4: rename your CSS file to style.php and use whatever code you need to call the appropriate resource.
Set the content type at the top of the page.
<?php
header("Content-type: text/css; charset: UTF-8");
?>
More info about style.php from Chris Coyier.
We discovered the same weird behavior also in IE10 and IE11.
Resetting the browser cache makes the fonts to be loaded without any problem. Also enabling and disabling compatibility mode.
But when switching to another subdomain, IE does not render the font because request header does not match the response header which is still the URL of the last request. And IE always shows the full URL for even if the definition on the bucket is *.ourdomain.com
So the general issue with allowing cross origin requests to assets like webfonts was solved by adding CORS permissions to the S3 Bucket - that made the webfonts work perfectly in Firefox.
But we still have no idea how to avoid * and tell IE not to cache the response headers.
I am getting IE9 "only display secure content" warning on my page. It calls a large number of frames etc that I did not write so I am looking for way to get IE9 to show me what it considers the insecure (http) page that being asked to be loaded. Is there a way to this? I also have access to IE7 & 8. I don't generally have any other tools on the machines with IE because they are just short term VMs, running MS's testing builds of IE7,8,9.
Open Fiddler, then click Allow in the warning.
Fiddler will show you all of the non-SSL requests.
You can also just look in Firebug's Net tab.
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content.
I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
Could someone tell me what the problem is and what can be done to solve it!
PS: I have also checked if the page source is any different when IE8 showed with and without secure data. Everything is the same. but viewstateID was different. Is that something that is creating this problem?
Thanks a lot in advance.
This is usually caused by having the absolute path to a resource specified somewhere on the page without having https specified, eg:
<img src="http://someurl.com/image.png">
If it's a link to something on your site, use https: or a relative path.
DO you have any 3:rd party javascript included, like google analytics or other that might have changed.
If you try with Firefox there is firebug you can add as an addon.
In there is a tab for network (net).
It lists everything the page loads.
In that list you should be able to find anything that gets loaded without https.
IE (correctly) complains when there is mixed http/https content as a security warning. Most other browsers do not typically complain when dealing with mixed content so your source is very likely the same in both instances.
I would second David Mårtensson's answer and say the issue is likely a third party library (google or MS hosted JQuery for example) or static asset server.