[LRUG] IE headers and exporting data in CSV files

Chris Mear chrismear at gmail.com
Tue Aug 4 05:32:29 PDT 2009 

It seems to be a workaround for this issue with IE failing to download  
filed specified via a Content-Disposition header, when the connection  
is made over HTTPS:

http://support.microsoft.com/?kbid=323308

The root of the issue seems to be that when IE downloads and then  
saves/launches a file, it downloads it to a temporary store first.  
Unfortunately, it appears to use the same store for ordinary caching  
and the temporary download scratch space, so if a "don't cache" regime  
is in effect (which it is by default on HTTPS, or because you've  
specified no caching in your HTTP headers), it doesn't write the file  
to disk (or quickly deletes it or something) and then can't find it  
when it tries to save (copy/move) it to the user's desired location.

This incantation of headers looks like it works by using the Pragma  
header to allow *some kind* of disk caching in IE (i.e. it's not set  
to 'no-cache'), but at the same time setting a Cache-Control header  
that makes IE not *really* cache it -- I'm guessing just to make sure  
it actually hits the server and downloads new data if you revisit the  
URL.

According to this MSDN blog post, the post-check=0 and pre-check=0  
aren't strictly necessary:

http://blogs.msdn.com/ieinternals/archive/2009/07/20/Using-post_2D00_check-and-pre_2D00_check-cache-directives.aspx

that is, according to the specs -- who knows what the actual behaviour  
of the software is.

A quick trawl through the MS KB turns up issues like this attached to  
IE 5 and IE 6, but nothing specifically to IE 7 -- however, would be  
best to test.

There's also some other Content-Disposition--related bugs in IE, to do  
with things like not setting the filename properly, or miss-guessing  
the content type (various versions of IE actually do magic number  
sniffing on the file content to check the content type, apparently as  
a security feature to stop people disguising executables as images or  
whatever), which you can turn up by searching the KB for IE articles  
containing 'Content-Disposition'. It may be that this incantation  
works around some of those as well.

Chris


On 4 Aug 2009, at 12:35, Joel Chippindale wrote:

> I've seen the following hack for setting the headers for IE in Ruby  
> on Rails when serving CSV files all over the place (for example http://vikasnandal.blogspot.com/2008/03/how-to-export-data-to-csv-in-ruby-on.html) 
> .
>
> However I've never seen an explanation as to why it might be needed.
>
> Can any of you knowledgeable LRUGers enlighten me as to what the  
> problem with IE that it is meant to resolve is and if so, which  
> versions of IE it is a problem with and finally what happens if you  
> don't include do these IE specific headers?
>
> #this is required if you want this to work with IE
> if request.env['HTTP_USER_AGENT'] =~ /msie/i
>   headers['Pragma'] = 'public'
>   headers["Content-type"] = "text/plain"
>   headers['Cache-Control'] = 'no-cache, must-revalidate, post- 
> check=0, pre-check=0'
>   headers['Content-Disposition'] = "attachment; filename= 
> \"#{filename}\""
>   headers['Expires'] = "0"
> else
>   headers["Content-Type"] ||= 'text/csv'
>   headers["Content-Disposition"] = "attachment; filename= 
> \"#{filename}\""
> end
>
> J.
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> http://lists.lrug.org/listinfo.cgi/chat-lrug.org

More information about the Chat mailing list