Fixing a strange problem with IE8, SSL and Excel
The other day, me and a colleague of mine experienced a strange problem when trying to download a Microsoft Excel spreadsheet in Internet Explorer 8 from one of our web applications. After a bit of googling we came across an article on the Microsoft support site, describing a problem in Internet Explorer 6 and 5 where the browser would fail to download any Microsoft Office documents if it was downloaded from a server using SSL and the server had added one or both of the following headers to the response message:
Pragma: no-cacheCache-control: no-cache,max-age=0,must-revalidate
But the article didn't precisely describe our specific problem. First of all, we weren't using IE 6 and secondly the error we got wasn't any of those mentioned in the article, but we decided to give a try, anyway.
When we generate dynamic spreadsheets and PDF files, we always set headers to ensure that the clients doesn't cache the result, so we simply removed some of the header() function calls and tried to request the file again, but the error was still present. We discovered that the headers were still set by something and we tracked it down to be the standard headers that Apache sets on all response messages.
After some more googling on how to control the headers in Apache, we came across the documentation on the mod_headers module:
This directive can replace, merge or remove HTTP response headers during 1xx and 2xx series replies. For 3xx, 4xx and 5xx use the ErrorHeader directive.
The action it performs is determined by the first argument. This can be one of the following values:
- set
The response header is set, replacing any previous header with this name- append
The response header is appended to any existing header of the same name. When a new value is merged onto an existing header it is separated from the existing header with a comma. This is the HTTP standard way of giving a header multiple values.- add
The response header is added to the existing set of headers, even if this header already exists. This can result in two (or more) headers having the same name. This can lead to unforeseen consequences, and in general "append" should be used instead.- unset
The response header of this name is removed, if it exists. If there are multiple headers of the same name, all will be removed.This argument is followed by a header name, which can include the final colon, but it is not required. Case is ignored. For add, append and set a value is given as the third argument. If this value contains spaces, it should be surrounded by double quotes. For unset, no value should be given.
That was exactly the kind of thing we were looking for! So we SSH'ed to the server and activated the module:
# a2enmod headers # /etc/init.d/apache2 force-restart
After enabling the plugin we made a simple .htaccess file with the following content:
Header unset Pragma Header unset Cache-control
And after that, the request worked perfectly in all browsers. So from now on, I will always try to do all sorts of crazy stuff when I come across a problem or a bug. I can't imagine how much time we would have wasted if we hadn't tried that out as one of the first things.
No related posts.
Categories
- General (1)
- Programming (8)
Archives
- January 2010 (1)
- December 2009 (1)
- November 2009 (2)
- October 2009 (2)
- September 2009 (2)
Twitter
-
Wow, I really like the new Youtube!
-
I want a Facebook like this! http://bit.ly/cxEoLS
-
Alfred is a really nice alternative to Quicksilver! http://www.alfredapp.com/
-
This must be the ugliest site i've ever seen... http://www.yvettesbridalformal.com/ #myeyeshurt
-
"Please silence your phones... our program will begin shortly." - http://bit.ly/6nKBpe