From 1461ae9e4c59d7e6f0fff908969bd57bd6dcaec9 Mon Sep 17 00:00:00 2001 From: Mateusz Uzdowski Date: Fri, 23 Aug 2013 15:04:54 +1200 Subject: [PATCH] BUG Fix regression in IE no-cache https file downloads. Currently IE6-8 will refuse to download files over HTTPS with default Framework settings. Currently the HTTP::add_cache_headers competely overrides Cache-Control headers on each request, so there is no way to inject custom headers from the API-consuning methods. Also of note: adding no-store header also fixes the issue but will prevent proxies from caching the request body (which they do when using no-cache). So the setting max-age to some low number is a better choice here. --- control/HTTP.php | 18 +++++++++++++++++- control/HTTPRequest.php | 6 +----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/control/HTTP.php b/control/HTTP.php index b1f154b9b..ea6a39724 100644 --- a/control/HTTP.php +++ b/control/HTTP.php @@ -343,7 +343,23 @@ class HTTP { $responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept'; } else { - $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform"; + // Grab header for checking. Unfortunately HTTPRequest uses a mistyped variant. + $contentDisposition = $body->getHeader('Content-disposition'); + if (!$contentDisposition) $contentDisposition = $body->getHeader('Content-Disposition'); + + if( + Director::is_https() && + strstr($_SERVER["HTTP_USER_AGENT"], 'MSIE')==true && + strstr($contentDisposition, 'attachment;')==true + ) { + // IE6-IE8 have problems saving files when https and no-cache are used + // (http://support.microsoft.com/kb/323308) + // Note: this is also fixable by ticking "Do not save encrypted pages to disk" in advanced options. + $responseHeaders["Cache-Control"] = "max-age=3, must-revalidate, no-transform"; + $responseHeaders["Pragma"] = ""; + } else { + $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform"; + } } if(self::$modification_date && self::$cache_age > 0) { diff --git a/control/HTTPRequest.php b/control/HTTPRequest.php index 08df7421f..feda0f063 100644 --- a/control/HTTPRequest.php +++ b/control/HTTPRequest.php @@ -391,13 +391,9 @@ class SS_HTTPRequest implements ArrayAccess { } $response = new SS_HTTPResponse($fileData); $response->addHeader("Content-Type", "$mimeType; name=\"" . addslashes($fileName) . "\""); + // Note a IE-only fix that inspects this header in HTTP::add_cache_headers(). $response->addHeader("Content-disposition", "attachment; filename=" . addslashes($fileName)); $response->addHeader("Content-Length", strlen($fileData)); - $response->addHeader("Pragma", ""); // Necessary because IE has issues sending files over SSL - - if(strstr($_SERVER["HTTP_USER_AGENT"],"MSIE") == true) { - $response->addHeader('Cache-Control', 'max-age=3, must-revalidate'); // Workaround for IE6 and 7 - } return $response; }