生成 PDF,使用 IE 和 HTTPS 时出错
我正在 ASP.NET 2.0 中将 PDF 流式传输到浏览器。 这适用于所有基于 HTTP 的浏览器以及除 IE 之外的所有基于 HTTPS 的浏览器。 据我所知,这曾经在所有版本的 IE 中都有效(过去 5 年左右),但我们的客户最近才开始报告问题。 我怀疑不将加密的页面保存到磁盘安全选项过去默认情况下处于禁用状态,并且在某些时候默认情况下处于启用状态(Internet 选项 -> 高级 -> 安全)。 作为一种解决方法,关闭此选项会有所帮助,但作为长期解决方案并不可行。
我收到的错误消息是:
Internet Explorer 无法从 www.sitename.com 下载 OutputReport.aspx。
Internet Explorer 无法打开此 Internet 站点。 请求的站点不可用或无法找到。 请稍后重试。
用于创建 PDF 的工具是 DataDynamics 的 ActiveReports。 创建 PDF 后,以下是发送它的代码:
Response.ClearContent()
Response.ClearHeaders()
Response.AddHeader("cache-control", "max-age=1")
Response.ContentType = "application/pdf"
Response.AddHeader("content-disposition", "attachment; filename=statement.pdf")
Response.AddHeader("content-length", mem_stream.Length.ToString)
Response.BinaryWrite(mem_stream.ToArray())
Response.Flush()
Response.End()
注意:如果我没有明确指定缓存控制,则 .NET 代表我发送无缓存,因此我尝试将缓存控制设置为:私有或public 或 maxage=#,但这些似乎都不起作用。
事情是这样的:当我运行 Fiddler 来检查响应标头时,一切正常。 我收到的标头是:
HTTP/1.1 200 正常
缓存控制:max-age=1
日期:2009 年 7 月 29 日星期三 17:57:58 GMT
内容类型:应用程序/pdf
服务器:Microsoft-IIS/6.0
MicrosoftOfficeWeb服务器:5.0_Pub
X-Powered-By:ASP.NET
X-AspNet-版本:2.0.50727
内容处置:附件; 文件名=声明.pdf
内容编码:gzip
变化:接受编码
传输编码:分块
一旦我关闭 Fiddler 并重试,它就会再次失败。 我注意到的另一件事是,当 Fiddler 运行时,我收到一条此网站的安全证书有问题警告消息,我必须单击继续访问此网站(不推荐) 才能通过。 当 Fiddler 关闭时,我不会遇到此安全警告,并且它会立即失败。
我很好奇 Fiddler 和浏览器之间发生了什么,以便在 Fiddler 运行时它可以工作,但在不运行时会中断,但更重要的是,有谁知道如何更改我的代码,以便将 PDF 流式传输到 IE 无需进行更改即可工作到客户端机器?
更新: Fiddler 问题已解决,非常感谢 EricLaw,所以现在它的行为一致(无论是否运行 Fiddler,都已损坏)。
根据 Google 搜索,网络上似乎有很多关于同一问题的报告,每个报告都有自己特定的响应标头组合,似乎可以解决各自案例的问题。 我已经尝试了许多这些建议,包括添加 ETag、LastModified 日期、删除 Vary 标头(使用 Fiddler)以及 Cache-Control 和/或 Pragma 标头的数十种组合。 我尝试了 ContentType 的“Content-Transfer-Encoding:binary”以及“application/force-download”。 到目前为止没有任何帮助。 有很少 微软 知识库 文章,所有这些都表明 Cache-Control: no-cache 是罪魁祸首。 还有其他想法吗?
更新:顺便说一下,为了完整起见,Excel 和 Word 输出也会出现同样的问题。
更新:没有取得任何进展。 我将 Fiddler 的 .SAZ 文件通过电子邮件发送给了 EricLaw,他在调试 IE 时能够重现该问题,但目前还没有解决方案。 赏金即将过期...
I am streaming a PDF to the browser in ASP.NET 2.0. This works in all browsers over HTTP and all browsers except IE over HTTPS. As far as I know, this used to work (over the past 5 years or so) in all versions of IE, but our clients have only recently started to report issues. I suspect the Do not save encrypted pages to disk security option used to be disabled by default and at some point became enabled by default (Internet Options -> Advanced -> Security). Turning this option off helps, as a work-around, but is not viable as a long term solution.
The error message I am receiving is:
Internet Explorer cannot download OutputReport.aspx from www.sitename.com.
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later.
The tool used to create the PDF is ActiveReports from DataDynamics. Once the PDF is created, here is the code to send it down:
Response.ClearContent()
Response.ClearHeaders()
Response.AddHeader("cache-control", "max-age=1")
Response.ContentType = "application/pdf"
Response.AddHeader("content-disposition", "attachment; filename=statement.pdf")
Response.AddHeader("content-length", mem_stream.Length.ToString)
Response.BinaryWrite(mem_stream.ToArray())
Response.Flush()
Response.End()
Note: If I don't explicitly specify cache-control then .NET sends no-cache on my behalf, so I have tried setting cache-control to: private or public or maxage=#, but none of those seem to work.
Here is the twist: when I run Fiddler to inspect the response headers, everything works fine. The headers that I receive are:
HTTP/1.1 200 OK
Cache-Control: max-age=1
Date: Wed, 29 Jul 2009 17:57:58 GMT
Content-Type: application/pdf
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
content-disposition: attachment; filename=statement.pdf
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
As soon as I turn Fiddler off and try again, it fails again. One other thing that I noticed is that when Fiddler is running I get a There is a problem with this website's security certificate warning message, and I have to click Continue to this website (not recommended) to get through. When Fiddler is off, I do not encounter this security warning and it fails right away.
I am curious what is happening between Fiddler and the browser so that it works when Fiddler is running but breaks when it's not, but more importantly, does anyone have any ideas how I could change my code so streaming PDFs to IE will work without making changes to the client machine?
Update: The Fiddler issues are resolved, thank you very much EricLaw, so now it behaves consistently (broken, with or without Fiddler running).
Based on Google searching, there seem to be plenty of reports of this same issue all over the web, each with it's own specific combination of response headers that seem to fix the problem for their individual cases. I've tried many of these suggestions, including adding an ETag, LastModified date, removing the Vary header (using Fiddler) and dozens of combinations of the Cache-Control and/or Pragma headers. I tried "Content-Transfer-Encoding: binary" as well as "application/force-download" for the ContentType. Nothing has helped so far. There are a few Microsoft KB articles, all of which indicate that Cache-Control: no-cache is the culprit. Any other ideas?
Update: By the way, for completeness, this same issue occurs with Excel and Word outputs as well.
Update: No progress has been made. I emailed the .SAZ file from Fiddler to EricLaw and he was able to reproduce the problem when debugging IE, but there are no solutions yet. Bounty is going to expire...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(12)
您的 Cache-Control 标头不正确。 它应该是Cache-Control: max-age=1,中间有破折号。 首先尝试修复该问题,看看是否会产生影响。
通常,我会说最有可能的罪魁祸首是您的 Vary 标头,因为此类标头通常会导致 IE 中的缓存问题: http://blogs.msdn.com/ieinternals/archive/2009/06/17/9769915.aspx。 您可能想要尝试将 ETAG 添加到响应标头。
Fiddler 应该对可缓存性没有影响(除非您编写了规则),而且听起来您说它确实有影响,这表明可能存在某种计时问题。
>过去默认情况下禁用的“不将加密页面保存到磁盘”安全选项默认情况下,
此选项仍然处于禁用状态(在 IE6、7 和 8 中),尽管 IT管理员可以通过组策略将其打开,一些大公司也这样做。
顺便说一句,您在运行 Fiddler 时看到证书错误的原因是您尚未选择信任 Fiddler 根证书; 请参阅http://www.fiddler2.com/fiddler/help/httpsdecryption.asp 有关此主题的更多信息。
Your Cache-Control header is incorrect. It should be Cache-Control: max-age=1 with the dash in the middle. Try fixing that first to see if it makes a difference.
Typically, I would say that the most likely culprit is your Vary header, as such headers often cause problems with caching in IE: http://blogs.msdn.com/ieinternals/archive/2009/06/17/9769915.aspx. You might want to try adding a ETAG to the response headers.
Fiddler should have no impact on cacheability (unless you've written rules), and it sounds like you're saying that it does, which suggests that perhaps there's a timing problem of some sort.
>Do not save encrypted pages to disk security option used to be disabled by default
This option is still disabled by default (in IE6, 7, and 8), although IT Administrators can turn it on via Group Policy, and some major companies do so.
Incidentally, the reason you see the certificate error while running Fiddler is that you haven't elected to trust the Fiddler root certificate; see http://www.fiddler2.com/fiddler/help/httpsdecryption.asp for more on this topic.
经过两周的徒劳无功的追逐后,我一直无法找到任何代码更改组合,以允许在“不将加密页面保存到磁盘”时使用这种流式传输 PDF、Excel 或 Word 文档的方法' 选项已打开。
微软在许多知识库文章和私人电子邮件中表示,这种行为是设计使然。 看来,当“不将加密的页面保存到磁盘”选项打开时,IE 会正常运行并按照指示执行操作。 这篇文章是我迄今为止找到的最好的资源解释了为什么要启用此设置以及启用它的优点和缺点:
目前我们能找到的最佳解决方案是向我们的客户和用户传达使用此设置的替代方案:
After two weeks on a wild goose chase, I have not been able to find any combination of code changes that will allow this method of streaming PDF, Excel or Word documents when the 'Do not save encrypted pages to disk' option is turned on.
Microsoft has said this behavior is by design in a number of KB articles and private emails. It appears that when the 'Do not save encrypted pages to disk' option is turned on that IE is behaving correctly and doing what it is told to do. This post is the best resource I have found so far that explains why this setting would be enabled and the Pros and Cons of enabling it:
The best solution we can find at this point is to communicate to our clients and users that alternatives exist to using this setting:
我发现这似乎对我有用:
I found that this seemed to work for me:
我对想要流式传输的 PDF 文件也遇到了类似的问题。 即使使用 Response.ClearHeaders() ,我也看到在运行时添加了 Pragma 和 Cache-Control 标头。 解决方案是清除 IIS 中的标头(在加载 PDF 的页面上右键单击 ->“属性”,然后选择“Http 标头”选项卡)。
I had a similar problem with PDF files I wanted to stream. Even with
Response.ClearHeaders()I saw Pragma and Cache-Control headers added at runtime. The solution was to clear the headers in IIS (Right-click -> Properties on the page loading the PDF, then "Http headers" tab).已解决:这是 IE 问题,而不是应用程序问题...
修复此问题:http://support.microsoft.com/kb/323308
经过很长时间的尝试,它对我来说非常有效。
ATT:黑暗先生
SOLVED: This is an IE problem, not from aplication...
fix it with this: http://support.microsoft.com/kb/323308
It work perfect for me, after try for a long time.
ATT: Mr.Dark
很久以前我们就面临过类似的问题——我们所做的就是我们(这就是 Java EE)。 在 Web 应用程序配置中,我们添加
这将使来自 Web 应用程序的任何 pdf 被下载,而不是浏览器尝试渲染。
编辑:看起来您正在流式传输。 在这种情况下,您将在代码中而不是在配置中使用 mime 类型作为应用程序/八位字节流。 所以这里代替
你将使用
We have faced a similar problem long time back - what we did was we (this is Java EE). In the web application config we add
This will make any pdf coming from your web application to be downloaded instead of the browser trying to render.
EDIT: looks like you are streaming it. In that case you will use a mime-type as application/octet-stream in your code and not in the config. So here instead of
you will use
什么版本的IE? 我记得 Microsoft 针对此问题发布了IE6 修补程序。 希望这有一些用处吗?
What version of IE? I recall that Microsoft released a Hotfix for IE6 for this issue. Hope that is of some use?
我读到了您的缓存控制鹅追逐,但我会分享 我的,满足我的需求,以防有帮助。
I read of your Cache-control goose chase, but I'll share mine, that met my needs, in case it helps.
尝试禁用 gzip 压缩。
try to disable gzip compression.
将其添加到此处希望有人会发现这很有用,而不是通过链接。
这是我的代码
Adding it here hoping that someone might find this useful instead going through the links.
Here is my code
就像OP一样,我花了好几天的时间试图让它发挥作用,但我最终做到了,所以我想我应该分享我的标题“组合”:
希望这可以为某个地方的某人节省一些痛苦!
Like the OP I was scratching my head for days trying to get this to work, but I did it in the end so I thought I'd share my 'combination' of headers:
Hope that saves someone somewhere some pain!
我在尝试通过 SSL 传输 PDF 并将其放入 iframe 或对象中时遇到了类似的问题。 我发现我的 aspx 页面会不断重定向到 URL 的非安全版本,并且浏览器会阻止它。
我发现从 ASPX 页面切换到 ASHX 处理程序解决了我的重定向问题。
I was running into a similar issue with attempting to stream a PDF over SSL and put this inside an iframe or object. I was finding that my aspx page would keep redirecting to the non-secure version of the URL, and the browser would block it.
I found switching from an ASPX page to a ASHX handler fixed my redirection problem.