I have a problem with a script whose purpose is to send a file to be downloaded to the browser.
Locally, everything goes well, but when the script runs on the server, instead of downloading the content (binary) is displayed as text in the browser.
I checked the apache configurations locally and on the server, they are substantially identical...
Can you enlighten me on this problem?
Thank you in advance for your response.
[edit] It's a Symfony 1.4 website using sfWebRequest->setContentType() to set the response 'Content-type' header. When testing on localhost, the header 'Content-type' is correctly set to the value configured in the code. When testing on the server, the header 'Content-type' is always set by the server to 'text/html', displaying textual content in the browser.
Related
so I'm very new to node.js and back-end.
I've just deployed a restful api on AWS just as a little test, it really does nothing special, only some get-post requests updating a json.
It works as expected.
Problem is: the address is of course very long so i also wanted to redirect the requests from a domain easy to remember.
And so i did.
If the domain is unmasked, it works fine, and i can for example get a json:
apiunmasked.pileoni.site/all
Settings on namecheap:
If i do try to mask it, it still works but the browser don't format it as a json:
api.pileoni.site/all.
Also there is something weird in the marging that happen with the masked version on the main page:
api.pileoni.site
apiunmasked.pileoni.site
I guess is some wrong setting on namecheap?
Thanks
Direct request to the EC2 do not adds the Content-Type header in HTTP response, so the browser tries to guess the datatype and correctly recognize and manages it as JSON.
The Namecheap forward service adds the header, probably falling back to "text/html", and the browser display the content as HTML.
Eventually, try to enforce the Content-Type header to "application/json" in your Node application with setHeader().
Is there any way to set up IIS in a way that no file can be downloaded? (without xml configuration and using the IIS UI only).
I know I can remove all mime-types but that is inconvenient, I'm looking for a better option.
You cannot stop of css or js as the server cannot differentiate between a normal
request and a download request when it comes to css or js.
Say you have a CSS or js included in your webpage any html page .This css file will need to be downloaded by the browser.So at server side(IIS) you cannot differentiate a normal download request or browser request. You can deny the download request if the referrer is not matching.For example if someone take sthe URL and directly copying and pasting it in another browser,the referrer header will not be present.Similarly if someone else hotlink to your resources(css,js files),you can stop that too.
By deny download based on Referrer using URLRewrite
My app sends html email with embedded images (data uri scheme) to address like *#gmail.com.
All available for me desktop clients show mail correctly. But when I use web interface some images (not all) are broken.
I have got the following information as result of my investigation:
The issue is observed not only chrome, but on FF and IE too.
Gmail for the web interface replaces values of src attribute of embedded images from data uri scheme to http url for loading images from google proxy servers.
In my case Gmail uses two external servers for loading images: gm1.ggpht.com & mail.google.com
All images are loaded properly from server gm1.ggpht.com with status 200 without any redirection to another location.
All images which tries to load from mail.google.com are broken. Response headers from mail.google.com have 302 status (redirection) with location like https://gm1.ggpht.com/...
An attempt to open new location in browser returns response with status 403 (Forbidden)
Any ideas?
The address was blocked by the Proxy server on the network you use.
We've partnered with a company whose website will display our content in an IFRAME. I understand what the header is and what it does and why, what I need help with is tracking down where it's coming from!
Windows Server 2003/IIS6
Container page: https://testDomain.com/test.asp
IFRAME Content: https://ourDomain.com/index.asp?lots_of_parameters,_wheeeee
Testing in Firefox 24 with Firebug installed. (IE and Chrome do the same thing.) Also running Fiddler so I can watch network traffic while I'm at it.
For simplicity's sake, I created a page with nothing on it but the IFRAME in question - same physical server, different domain/site - and it failed with
Load denied by X-Frame-Options: https://www.google.com/ does not permit cross-origin framing.
(That's in the Firebug console.) I'm confused because:
Google is not referenced anywhere in the containing app, or in the IFRAMEd app. All javascript libraries are kept locally; there is no analytics in the app. No Google, nowhere.
The containing page has NOTHING on it, except the IFRAME. No html tags, no head tag, no body tag. IFRAME. That's it.
The X-FRAME-OPTIONS header does not exist in IIS on the server: not at the "Websites" node, not in the individual sites.
So where the h-e-double-sticks is that coming from? What am I missing?
Interesting point: if I remove http"S" from the IFRAME url, it works. Given the nature of the data, SSL is required.
You might check global.asax.cs, the app could be adding the header to every response automatically. If you just search the app for "x-frame-options" you might find something also.
Our IIS server has Dynamic and Static HTML Compression enabled, but when I browse to our website and view the Response Headers in Fiddler, I only see the "Content-Encoding: gzip" header for one resource (a flash file).
Why would the other response types not have this header? Does it mean that compression is NOT working for the other responses?
The only way to be 100% sure that compression is active is to compare the size of the downloaded resource against the original file on the server. The network tab of the Firebug extension can help you here.
It looks like our company network was actually stripping out the Content-Encoding header. (I have no idea why). When I browse from home the gzipping seems to work fine. This post on StackExchange.com helped me figure it out.