Recently I twitted on the idea that some ECM applications can’t even do a file download “right”, much less more esoteric features like social interaction enablement. Although that twit was a bit of a rant, it is fundamented by the fact that I’ve encoutered several applications (Webtop being one) in which downloading a file is sometimes a (technical) challenge and fails unexpectantly. But I digress…
As life always has a way of coming back at you.. the next day I’ve noticed a support issue on my team in which one of our customers complained that if it tries to download a dynamically generated file then a blank browser window appears and remains open. The download was ok, but the window was annoying. On IE6 only.
Want to bet what we were ready to say to the customer? “It’s IE6’s fault! Get rid of it or change a certain setting to make it work (which setting… nobody knows)”. Some call that the Russel Crowe move.
Remembering what I’ve just said publicly to the world and wanted to not be in the same category with the “ECM dudes which can’t implement a file download right”, I looked into the problem myself.
It’s a simple thing: downloading a secured file (dynamically generated or not, doesn’t matter).
So, I advised the team to go back to the old school ways of putting that URL into a HTML <A> tag and get it over with.
So location.href does not work either (although it has that interesting result, I always wondered how that was done…now I know).
What about the old school <A HREF=””> tag? Yes, that works. Flawlessly. Simple, clean and nice.
PS: if someone wishes to see a “button” not a text link, just enclose a IMG, border=0 with A. Add CSS to simulate on hover changes and be done with it (sorry to say such trivial things, but I think it helps).
Ok, so here is how to properly (in my opinion) implement a file download action:
– use <A> and target it to the URL of a server side script/servlet/something which returns the content
– the server side should return something like this:
Expires: Thu, 01 Jan 1970 00:00:00 GMT
A few “thumb” rules here:
– Always put Content-Type response header before Content-Disposition header. Some browsers have a problem with a reversed order.
– the filename must be enclosed in quotes. If you don’t, some (most) browsers will not display the proper name of the file to be dowloaded
– be careful of the spaces, colons and quotes int the content-disposition header. they matter
– in IE6 the content-disposition header can’t be too large
Some reading to be done to understand the above:
And here: http://support.microsoft.com/kb/260519
And here: http://www.ietf.org/rfc/rfc1806.txt
I hope this helps. And please, dev guyz & galz… don’t follow the easy path of web frameworks (eg. IceFaces) on all counts. Going back to the roots is not that bad and keeps your software resilient.