Why do visitors to my site sometimes get a download to a file instead of the page to which they were supposed to go?
What problem does that point to - browser, controller, or something?
Could possibly be that your HTTP server isn't providing the correct MIME type?
This usually means your web server is serving the page up as the wrong MIME type. You need to tell it which files should be served using which MIME types. Apache includes a standard file for this, but I'm not sure which web server or platform you're using.
Either you have an invalid mime type configured when serving the page, so the browser thinks the content type is something it has to download because it can't display it, or if the problem happens only to some users, then the mime type you are choosing is something that those specific users don't have their browsers configured to support.
Related
The recent Windows 10 update for KB5003637 seems to have caused our use of the WebBrowser control to fail. Our applications use a C++ dialog that hosts a web browser control based on the IWebBrowser2 interface and implemented by the COM class 8856f961-340a-11d0-a96b-00c04fd705a2. The control interacts with a bespoke internal 'web server' that is hosted on a localhost port. The web browser is rendering dynamic HTML with a bunch of css and javascript. It's a legacy app that has been working reliably for many years.
Our users that have Windows 10 versions 2004, 20H2, and 21H1 are installing the KB5003637, and when they do the web browser does not render the content that it did before.
Looking at some trace, I can see that the Web Browser is requesting the page's HTML, which seems to be delivered as it should. What normally happens at that time is that the web browser control requests the css and javascript files needed to make the page active. What happens instead is nothing.
The KB5003637 update is pretty big, but does contain fixes for some scripting vulnerabilities described in CVE-2021-31959 which are very much on point. Nothing that I've found so far indicates how this was fixed, the effect that it has on the WebBrowser control, nor what workarounds there might be.
Any help would be appreciated.
Turns out that the Windows update I described did change the behavior of the WebBrowser control. Our bespoke web server was not including content type headers for responses to the WebBrowser's request. For the last decade or more, the control was successfully able to figure out what the content was OR it defaulted to the correct content type in the cases that mattered. After the update, the WebBrowser was defaulting to a content type of 'text' for the initial HTML payload. As a result it was not trying to interpret the payload as HTML and therefore no further actions were necessary (like requesting css and js files).
When I changed the code to include a content type header of "text/html" for the initial payload, the application began working. Content type headers are now included with all replies.
As noted on other cffile upload questions,
GetPageContext().formScope().getUploadResource("myFormField").getName()
is great for getting the filename on the server before actually doing the cffile (for Railo and Lucee - there's a different method for ColdFusion) but I noticed an interesting wrinkle: if the browser is IE then this returns the full source path including the filename. Firefox and Chrome on the other hand, return only the filename.
For my application I need the full path, but haven't been able to find that when the browser is FireFox or Chrome. If anyone has any ideas I would be most grateful!
(Expanded from the comments)
I am not familiar with the getUploadResource() function. However, looking over this related thread, it sounds like it returns file information submitted by the client. While there are recommended guidelines, ultimately the value received on the server is whatever the browser chooses to send. It is not something that can be changed or controlled by server side code. So if Firefox and Chrome return something different than IE, you are out of luck.
(As an aside, personally I have always found Internet Explorer to be a bit odd in this area. Traditionally browsers are restricted from certain file access operations for security reasons, unless a signed control is used. So you might expect those restrictions would prohibit a browser from submitting information about the structure of the client file system as well. In fact, most browsers do not submit path information with uploads, only a file name. Obviously, Internet Explorer chose to do things .. differently .. for whatever reason)
For my application I need the full path
Having said all that, why would you need the path from the client machine?
I'm using Liferay 6.1.0 GA1.
My applications runs on two tomcats. I have varnish in front of them. Varnish redirect to particular node when cookie is set on it.
When I'm trying to upload multiples files on Firefox, it loses this cookie (on Chrome it works just fine).
My idea was, to extend URL - add parameter that can later be filtered in Varnish. But I cannot find where should I add this, that Flash can later copy this properly.
Any other ideas that will be helpful are welcome as well.
P.S. Sorry for bad english.
"Loosing a cookie" means that it explicitly is set to another value, or the hostname changes. I suggest you use Firebug or the built-in Developer tools (hit F12) and monitor the requests and responses that go through the line. Pay attention to Set-Cookie directives in the response headers as well as the Host directive in the request headers. This should give some hints where they're going.
It's hard to give more specific advice with the level of detail you provide.
I often click on a file link in the IE and a download box just pops out. But what happens behind this scene? I know that IE always talks to web server with HTTP protocol, and HTTP is text based.
So is IE download achieved with HTTP protocol? If so, how could arbitrary file format be downloaded over a text based protocol?
And I am currently trying to make a web app which will direct my customer to download some file. My current design is to implement a web service. Customer will call this web service and the web service will return the file download URL. But then I don't know what to do with the URL. Could I just use something like File.Copy to copy the file from the URL to local disk? Or how should I treat the URL? If there's a better design, please teach me.
Many thanks...
By specifying the right content type, you can tell the browser what kind of data it is you are sending.
In addition, there are special encodings (like Base 64) that allow binary content to be displayed as text, using only a limited set of characters and escaping everything else.
Then, there is nothing you need to do with the url. IE will know whether it can or cannot open the file and will show the download box accordingly.
maybe it's like
<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// The PDF source is in original.pdf
readfile('original.pdf');
?>
Ok, I know that serving media files through Django is a not recommended. However, I'm in a situation where I'd like to serve "static" files using fine-grained access control through Django models.
Example: I want to serve my movie library to myself over the web. I'm often travelling and I'd like to be able to view any of my movies wherever I am, provided I have internet access. So I rip my DVDs, upload them to my server and build this simple Django application coupled with some embeddable video player.
To avoid any legal repercussions, I'd like to ensure that only logged-on users with the proper permissions (i.e. myself and people living in the same household, which can, like me, access the real DVDs at their convenience), but denies it to other users (i.e. people who posted comments on my blog) and returns an HTTP 404.
Now, serving these files directly using Apache and mod_wsgi is rather troublesome because when an HTTP request for the media files (i.e. http://video.mywebsite.com/my-favorite-movie/) comes in, I need to validate against my user database that the person at the other end has the proper permissions.
Question: can I achieve this effect without serving the media files directly through a Django view? What are my options?
One thing I did think of is to write a simple script that takes a session ID and a video's slug and returns some boolean indicating if the user may (or may not) access the video file. Then, somehow request mod_wsgi to execute this script before accessing the requested URL and return an HTTP 404 if the script failed. However, I don't have a clue if this is even possible.
Edit: Posting this question clarified some of my ideas for search and I've come across mod_python's file wrapper extension. Does anyone have enough experience with that to validate that it is a viable solution?
Yes, you can hook into Django's authentication from Apache. See this how-to:
Authenticating against Django’s user database from Apache