The Case of The Mysterious Content-Disposition Header

<p>Our product includes a Flash application that is loaded by SWFObject. For one customer, when accessing this SWF via HTTPS (but not HTTP), Flash Player will not load it.</p>
<p>I asked the customer to go directly to the URL of the SWF file (rather than the wrapper page):</p>
<ul>
<li>When he does so via HTTP, the SWF loads in the browser.</li>
<li>When he does so via HTTPS, IE7 presents him with a 'save file' dialog box. This implies that a "Content-Disposition: attachment" header is present in the response. That would also explain why the SWF isn't loading in Flash Player: as a security measure, it will not play SWFs served with that header.</li>
</ul>
<p>So, I have a couple of things I'm trying to figure out:</p>
<ol>
<li><p>How can I be certain that a Content-Disposition header is being sent by the server (rather than it being a strange artifact of IE7)? The user only has IE7 at his disposal, and cannot use Firefox, Chrome, etc. IE7 doesn't include the handy 'Network' tab that's present in IE9's developer tools.</p></li>
<li><p>Assuming that the header is present, how is it getting there? They are running Tomcat 6. The SWF is being served by Tomcat's default servlet. The header appears to be present if the HTTPS connector is used, but not if the HTTP connector is used. The Tomcat configuration is stock except for enabling the HTTPS connector.</p></li>
</ol>
<p><strike>On a side note, I don't trust Flash's cache clearing. On my machine under IE9, the SWF is often satisfied by cache even after I explicitly clear the browser cache and Flash Player's stored data: I don't see any request for it in Fiddler, or in Tomcat's access logs, but the SWF loads in the browser. Am I missing something here? Could the customer be accessing some bogus cached version of the SWF?</strike></p>
<p><strong>Edit:</strong> Apparently the 'clear cache' command in the developer tools doesn't <em>really</em> clear the cache. Using the standard method yielded the expected results.</p>
<p><strong>Edit 2:</strong> Tracing within Tomcat indicates that the Content-Disposition header is not set. I don't know for certain that it's not being received by the browser, but AFAIK the browser is connecting directly to Tomcat. This seems like an odd browser-side behavior.</p>
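Added example, not part of the original post: one way to settle the first question is to request the SWF over both connectors from a client other than IE7 and compare the response headers, which separates what the server sends from what the browser does with it. The function names and the two sample captures are constructed for this illustration; the samples model the poster's hypothesis and are not output from the customer's Tomcat.

```python
import http.client
import sys
from urllib.parse import urlsplit

VOLATILE = {"date"}  # changes on every response; not a meaningful difference

def parse_raw_headers(raw):
    """Parse a captured header block (status line first) into {lowercase name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def fetch_headers(url):
    """GET url from a non-browser client and return its headers in the same shape."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=10)  # HTTPS keeps certificate checks on
    try:
        conn.request("GET", parts.path or "/")
        return {k.lower(): v for k, v in conn.getresponse().getheaders()}
    finally:
        conn.close()

def is_attachment(headers):
    """True if the response asks the browser to save rather than render the body."""
    return headers.get("content-disposition", "").lower().startswith("attachment")

def diff_headers(a, b):
    """Headers whose value differs between two responses: {name: (a_value, b_value)}."""
    names = (set(a) | set(b)) - VOLATILE
    return {n: (a.get(n), b.get(n)) for n in sorted(names) if a.get(n) != b.get(n)}

# Constructed sample captures (not taken from the customer's server).
SAMPLE_HTTP = """HTTP/1.1 200 OK
Content-Type: application/x-shockwave-flash
Content-Length: 48213
Date: Mon, 01 Jan 2024 10:00:00 GMT
"""
SAMPLE_HTTPS = SAMPLE_HTTP.replace("10:00:00", "10:00:05") + "Content-Disposition: attachment; filename=app.swf\n"

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py http://host/app.swf https://host/app.swf
        plain, tls = fetch_headers(sys.argv[1]), fetch_headers(sys.argv[2])
    else:
        plain, tls = parse_raw_headers(SAMPLE_HTTP), parse_raw_headers(SAMPLE_HTTPS)
    print("attachment over HTTPS:", is_attachment(tls))
    for name, (a, b) in diff_headers(plain, tls).items():
        print(f"{name}: http={a!r} https={b!r}")
```

If the diff is empty when run against the real HTTP and HTTPS URLs, the server is sending the same headers on both connectors and the 'save file' dialog has to be explained on the browser side.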
 
