IE throws “File Download Security Warning” on form submit

27 05 2009

I came across with this weird IE bug(occurs in IE-6 and IE-7 not in IE-8) that throws a File Download Security Warning on form post.

File download security warning

File download security warning

This is the code for the corresponding action inside controller

def update
 respond_to do |format|
  format.js   {....}
  format.html {....}

* I guess this bug will only propagate if respond_to is used

I put a debugger after the respond_to line and made a http post request through IE6 and IE7 browsers and hooked into the request parameters.

request.format => #<Mime::Type:0x7b567a4 @string="image/jpeg", @synonyms=[], @symbol=nil >
request.format.html? => nil

Making the same the request through Firefox returned this

request.format => #<Mime::Type:0x55da8b8 @string="text/html", @synonyms=["application/xhtml+xml"], @symbol=:html >
request.format.html? => true
request.format.js? => false

So one thing came into light that there is no Mime::Type registered for “images/jpeg” i.e format sent by IE

Looking at Rails 2.1.0 code actionpack/lib/action_controller/request.rb line no: 92

# Returns the Mime type for the format used in the request. If there is no format available, the first of the 
# accept types will be used. 
def format
  @format ||= parameters[:format] ? Mime::Type.lookup_by_extension(parameters[:format]) : accepts.first

And that brought me to the solution.If no request format is available, which is the case with IE, then the first format will be picked up.So moving format.html above the format.js will solve the problem(or i should say format.html should be the first format defined)

def update
 respond_to do |format|
  format.html {....}
  format.js   {....}

Or we can also use format.any to our rescue(instead of moving format.html)

def update
 respond_to do |format|
  format.js   {....}
  format.any  {....}



8 responses

8 08 2009

Has to be the best solution ever. Thanks for posting this.

10 09 2009

Thanks, man
you save me the morning!


2 11 2009

Dude…. I have been trying to solve this problem for EVER. You are *THE* man! Thank you so much.

15 11 2009


7 04 2010

Hi, thanks for the post.

Putting format.html before all other formats will work, but format.any will break page rendering in IE7 and IE8, at least in my experience. I am not quite sure why this may happen, but I guess the IE is not able to detect the MIME type anymore and thus displays plain HTML source.

Another issue with IE is the faulty request format which will appear mostly, but not limited to, when a page is being accessed which has been cached by the browser. A solution for this is a simple initializer:

5 06 2012
Dip Lick

This post save my life.
IE sux

27 02 2013

This specific blog, “IE throws File Download Security Warning on form submit | Rails all the way” congnghenhietlanh demonstrates the fact that u actually know
just what exactly u are speaking about! I definitely
agree. With thanks ,Jessie

23 03 2013

I personally desire to book mark this particular posting,
“IE throws File Download Security Warning on form submit | Rails all the way” Window Treatment Ideas on my web
page. Do you mind if I reallydo it? Thx ,Lilla

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: