IE throws “File Download Security Warning” on form submit

27 05 2009

I came across with this weird IE bug(occurs in IE-6 and IE-7 not in IE-8) that throws a File Download Security Warning on form post.

File download security warning

File download security warning

This is the code for the corresponding action inside controller

def update
 respond_to do |format|
  format.js   {....}
  format.html {....}

* I guess this bug will only propagate if respond_to is used

I put a debugger after the respond_to line and made a http post request through IE6 and IE7 browsers and hooked into the request parameters.

request.format => #<Mime::Type:0x7b567a4 @string="image/jpeg", @synonyms=[], @symbol=nil >
request.format.html? => nil

Making the same the request through Firefox returned this

request.format => #<Mime::Type:0x55da8b8 @string="text/html", @synonyms=["application/xhtml+xml"], @symbol=:html >
request.format.html? => true
request.format.js? => false

So one thing came into light that there is no Mime::Type registered for “images/jpeg” i.e format sent by IE

Looking at Rails 2.1.0 code actionpack/lib/action_controller/request.rb line no: 92

# Returns the Mime type for the format used in the request. If there is no format available, the first of the 
# accept types will be used. 
def format
  @format ||= parameters[:format] ? Mime::Type.lookup_by_extension(parameters[:format]) : accepts.first

And that brought me to the solution.If no request format is available, which is the case with IE, then the first format will be picked up.So moving format.html above the format.js will solve the problem(or i should say format.html should be the first format defined)

def update
 respond_to do |format|
  format.html {....}
  format.js   {....}

Or we can also use format.any to our rescue(instead of moving format.html)

def update
 respond_to do |format|
  format.js   {....}
  format.any  {....}

date_select, time_select doesn’t work with auto_prefix (object[])

11 03 2009

I ran into the following issue while i was dealing with a multi-model form where a Sport is being saved with associated Events

<%= render(:partial => "event", :collection => %>

This partial is being rendered for collection of events for new/edit Sport

<% new_or_existing = event.new_record? ? 'new' : 'existing' %>
<% prefix = "sport[#{new_or_existing}_event_attributes][]" %>

<% fields_for prefix, event do |e| -%>
 <%= e.time_select("best_time") %>
<% end -%>

Here is the problem:

For new Event, time_select name attribute should be:   sport[new][][best_time(5i)]
but this was being assigned:   sport[new][best_time(5i)]

Following error is thrown when this form is submitted

Status: 500 Internal Server Error
Conflicting types for parameter containers. Expected an instance of Hash but found an instance of Array

For more information regarding this issue you can go through this ticket

After digging into rails code this came into light

# rails/actionpack/lib/action_view/helpers/form_helper.rb:508

if @object_name.sub!(/\[\]$/,"")
  if object ||= @template_object.instance_variable_get("@#{Regexp.last_match.pre_match}") and object.respond_to?(:to_param)
   @auto_index = object.to_param
   raise ArgumentError, "object[] naming but object param and @object var don't exist or don't respond to to_param: #{object.inspect}"

So here @object_name would be “sport[new_event_attributes][]”
and @object_name.sub!(/\[\]$/,””) will return “sport[new_event_attributes]”
and @auto_index will set to nil

select_time internally calls option_with_prefix to assign name attribute for select element


def options_with_prefix(position, options)
 prefix = "#{@object_name}"
 if options[:index]
  prefix << "[#{options[:index]}]"
 elsif @auto_index
  prefix < "#{prefix}[#{@method_name}(#{position}i)]")

Work around: pass a non nil index value along with date_select or time_select

<% new_or_existing = event.new_record? ? 'new' : 'existing' %>
<% prefix = "sport[#{new_or_existing}_event_attributes][]" %>

<% fields_for prefix, event do |e| -%>
 <%= e.time_select("best_time", :index => || "") %>
<% end -%>

Etag in Rails

3 09 2007

What is an ETag and How does it work??

When a request is made for the first time then during page render, etag header is automatically inserted on 200 OK responses. The etag is calculated using MD5 of the response body.
On subsequent requests the etag is send along as request.headers[‘HTTP_IF_NONE_MATCH’] and compared with response.headers[‘ETAG’] . If they are equal then the response is changed to a 304 Not Modified and the response body is set to an empty string.

So how does that help??

  • ETag is used to expire the browser caching and for saving transfer of course!!
  • aggregators can tell which version of feed they have and thus server sends data only if some newer version is there.
  • no more cache based on page expiration.

A ruby snippet for showing ETags

require 'net/http'
# my rails app running on edge rails
http ="localhost", 3000)

# /controller/action
data = http.get2("/say")
p data.body
p data.header.each{|k,v| p "#{k} = #{v}"}

data2 = http.request_get("/say", {'If-None-Match' => data.header['etag']})
p data2.body
p data2.header.each{|k,v| p "#{k} = #{v}"}
# 304 not modified n body empty coz of no change in content