Cache-Control change in #109941 breaks private downloads over SSL in IE6/7
jrbeeman - September 7, 2007 - 00:48
| Project: | Drupal |
| Version: | 5.10 |
| Component: | base system |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
The change in #109941 (commit) seems to have broken private file downloads over SSL in Internet Explorer 6 and 7.
On the site I'm working with, we have many nodes with PDF attachments. When the line reads:
header("Cache-Control: store, no-cache, must-revalidate");
any attempt to download the files results in an IE 6/7 error stating,
Internet Explorer cannot download [filename] from [hostname]
The file could not be written to the cache
When I revert that line to read:
header("Cache-Control: no-store, no-cache, must-revalidate");
everything is peachy again.
Does anyone have ideas on a way to provide the functionality present in #109941, while not seriously breaking file download functionality?
#1
We're experiencing this exact problem as well. Changing to "no-store" seems to fix the problem.
#2
This is a known bug in IE6/IE7. See http://support.microsoft.com/kb/316431
Unfortunately, it is a design bug; Microsoft says the behavior is by design.
I'm not sure I understand the underlying issue well enough to comment, but what happens if you go to bootstrap.inc and change the existing
header("Cache-Control: store, no-cache, must-revalidate");to
header("Cache-Control: must-revalidate");
}
#3
I am guessing there are other factors at work since we do send no-cache and must-revalidate in either case.
The ideal solution would be to send non-ie-bug-triggering headers for file downloads, and keep the present headers for everything else.
#4
Agreed - I believe this would address the issue. I will try to work on a patch for 6.x, but I'm not familiar with this area of Drupal at all, so if anyone has pointers, I'd appreciate them.
#5
Hi,
I'm new here,
This problem is occurring for me on a new 5.7 install. (I upgraded from 4 over the weekend).
Should the Version be changed to 5.7. Is it proper for me to do this? or should someone else.
Thanks.
#6
#7
I'm wondering if this also affects cacheing of images located above root in drupal's private file system. My site will not cache images above root although it does cache files that are within the drupal root.
See my other post: http://drupal.org/node/272082
#8
#9
#10
I just used:
header("Cache-Control: store, must-revalidate");Seems to work.
#11
It seems that commenting out the entire line
header("Cache-Control: store, no-cache, must-revalidate");everything works just swimmingly.
#12
Would commenting out that line cause problems elsewhere? bmherold, let us know if you notice any wonkiness. Thanks.
#13
I stumbled on this with the same problem - trying to use private downloads over SSL. Here's how I've solved it (apparently - still early). I created a module I called sslfiles.module:
<?php/**
* Implements hook_file_download
*/
function sslfiles_file_download($file)
{
// Use PHP's header() function to return the same cache-control headers as
// drupal_page_header(), defined in bootstrap.inc
// except remove no-cache, and add maxage
header("Cache-Control: store, must-revalidate, maxage=1", TRUE);
header("Cache-Control: post-check=0, pre-check=0", FALSE);
}
So, basically instead of returning headers, I'm using php's header() function to blow away Drupal's regular Cache-Control headers. But since this is in hook_file_download, this only happens for file downloads.
Are there any problems with this approach that I'm missing? I can definitely verify that it works. Enable the module and the problem goes away. Disable it, and it's back.