Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-3481

Using stream results with content-disposition: attachment; filename="whatever" in HTTPS and IE does not work

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.1.8.1
    • Fix Version/s: 3.0
    • Component/s: "New" API, Documentation
    • Labels:
      None

      Description

      I have a page which allows the download of files. I implement some complex security around this so I use a stream result from an action to return the resulting file. It works beautifully in Firefox, Chrome, Opera etc but in IE (I'm using version 8 but I think it affects other versions as well) it gives an error - "Internet Explorer cannot download <whatever> from <wherever>. Internet explorer was not able to open this Internet Site. The request is either unavailable or cannot be found. Please try again later."

      This is apparently to do with the Cache-Control: no-cache being incorrectly implemented in IE since version 6 (i.e. all current versions). As I understand it, IE deletes the file before it can be saved.

      The solution in the documentation at http://struts.apache.org/2.1.8.1/docs/stream-result.html points to http://struts.apache.org/2.1.8.1/docs/https-and-ie-issues.html which is very out of date (I don't think interceptors work that way any more) and even when adapted to version 2.1.8.1 (my feeble effort below) doesn't work because I can't change the allowCaching parameter at run time (it needs to be true for IE downloads and false for everything else).

      It would be really good to:
      1) Make the allowCaching parameter of the StreamResult class take a stack parameter and OGNL expression (like the other parameters)
      2) Include the workaround for IE misbehaviour in the StreamResult class doExecute method

      Cheers
      -----------------------
      public class HTTPRequestCachePrivateInterceptor implements Interceptor
      {
      public void destroy() {}

      public void init() {}

      public String intercept(ActionInvocation invocation) throws Exception
      {
      HttpServletRequest request = (HttpServletRequest)invocation.getInvocationContext().get(ServletActionContext.HTTP_REQUEST);
      HttpServletResponse response = (HttpServletResponse) invocation.getInvocationContext().get(ServletActionContext.HTTP_RESPONSE);
      if (request!=null && response!=null) {
      if (request.isSecure()) {
      String userAgent = request.getHeader("User-Agent");
      if (userAgent!=null) {
      if (userAgent.indexOf("MSIE")>=0)

      { response.setHeader("Cache-Control", "private, no-transform, must-revalidate, max-age=5"); }

      }
      }
      }
      return invocation.invoke();
      }
      }

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              andyc Andy Clark
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: