IE throws “File Download Security Warning” on form submit

27 05 2009

I came across with this weird IE bug(occurs in IE-6 and IE-7 not in IE-8) that throws a File Download Security Warning on form post.

File download security warning

File download security warning

This is the code for the corresponding action inside controller

def update
 respond_to do |format|
  format.js   {....}
  format.html {....}
 end
end

* I guess this bug will only propagate if respond_to is used

I put a debugger after the respond_to line and made a http post request through IE6 and IE7 browsers and hooked into the request parameters.

request.format => #<Mime::Type:0x7b567a4 @string="image/jpeg", @synonyms=[], @symbol=nil >
request.format.html? => nil

Making the same the request through Firefox returned this

request.format => #<Mime::Type:0x55da8b8 @string="text/html", @synonyms=["application/xhtml+xml"], @symbol=:html >
request.format.html? => true
request.format.js? => false

So one thing came into light that there is no Mime::Type registered for “images/jpeg” i.e format sent by IE

Looking at Rails 2.1.0 code actionpack/lib/action_controller/request.rb line no: 92

# Returns the Mime type for the format used in the request. If there is no format available, the first of the 
# accept types will be used. 
def format
  @format ||= parameters[:format] ? Mime::Type.lookup_by_extension(parameters[:format]) : accepts.first
end

And that brought me to the solution.If no request format is available, which is the case with IE, then the first format will be picked up.So moving format.html above the format.js will solve the problem(or i should say format.html should be the first format defined)

def update
 respond_to do |format|
  format.html {....}
  format.js   {....}
 end
end

Or we can also use format.any to our rescue(instead of moving format.html)

def update
 respond_to do |format|
  format.js   {....}
  format.any  {....}
 end
end
About these ads

Actions

Information

8 responses

8 08 2009
Kris

Has to be the best solution ever. Thanks for posting this.

10 09 2009
Igor

Thanks, man
you save me the morning!

Cheers!

2 11 2009
Carse

Dude…. I have been trying to solve this problem for EVER. You are *THE* man! Thank you so much.

15 11 2009
berk

saas

7 04 2010
punkrats

Hi, thanks for the post.

Putting format.html before all other formats will work, but format.any will break page rendering in IE7 and IE8, at least in my experience. I am not quite sure why this may happen, but I guess the IE is not able to detect the MIME type anymore and thus displays plain HTML source.

Another issue with IE is the faulty request format which will appear mostly, but not limited to, when a page is being accessed which has been cached by the browser. A solution for this is a simple initializer: http://gist.github.com/359176

5 06 2012
Dip Lick

This post save my life.
IE sux

27 02 2013
Gabriel

This specific blog, “IE throws File Download Security Warning on form submit | Rails all the way” congnghenhietlanh demonstrates the fact that u actually know
just what exactly u are speaking about! I definitely
agree. With thanks ,Jessie

23 03 2013
Yahoo.Com

I personally desire to book mark this particular posting,
“IE throws File Download Security Warning on form submit | Rails all the way” Window Treatment Ideas on my web
page. Do you mind if I reallydo it? Thx ,Lilla

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Follow

Get every new post delivered to your Inbox.

%d bloggers like this: