The correct type is application/pdf for PDF, not application/force-download. This looks like a hack for some legacy browsers. Always use the correct mimetype if. Solved: When adding a PDF as attachment to a page, the content type of the attachment is usually set to application/pdf. However, sometimes it is. It#;s quite a common scenario with the web to want to force a file to some http response headers: Content-Type: application/octet-stream.
|Language:||English, Indonesian, Portuguese|
|Genre:||Fiction & Literature|
|ePub File Size:||22.36 MB|
|PDF File Size:||8.84 MB|
|Distribution:||Free* [*Registration needed]|
Force Downloads by setting the correct mime type. GitHub Gist: instantly share code, notes, and snippets. Adding or modifying Content-Disposition headers on the fly to Content- Disposition: attachment for MIME type application/pdf should help force. The file type can be specified by the server with a Content-Type header. I've seen application/force-download used - which ends up as a.
What are MIME types? MIME types describe the media type of content either in email or served by web servers or web applications and are intended to help guide a web browser in how the content is to be processed and displayed.
Why are correct MIME types important? If the web server or application reports an incorrect MIME type for content, a web browser has no way, according to the HTTP specification, of knowing that the author actually intended the content to be processed and displayed in a way different from that implied by the reported MIME type. This has sheltered many web administrators from their own errors, since Internet Explorer will continue to process content as expected even though the web server is misconfigured, e.
How to Force the Download of a File with HTTP Headers and PHP
Serving content using the correct MIME type can also be important for security reasons; it's possible for malicious content to affect the user's computer by pretending to be a safe type of document when it is in fact not. Gecko 1. If the browser guesses the MIME type, this option is no longer available to the author. Security Some content types, such as executable programs, are inherently unsafe.
For this reason these MIME types are usually restricted in terms of what actions a web browser will take when given content of that type.
An executable program should not be executed on the user's computer and at most should cause a dialog to appear asking the user if they wish to download the file. Sometimes it's because the site dev has no idea what they're doing.
That's usually because the site sends a Content-Disposition header in the response. Specifically, it can send either inline or attachment.
If you open your browser's developer tools, you'll see that particular link sends the following response headers:. This tells the browser to always download attachment the file, and to give it the default filename of Schubert-SonataB-flat.
When a Content-Disposition is inline or unspecified , the browser will try to open the file in the default embedded viewer. This only works when the browser knows what file type it is, and the browser knows how to open that type.
The file type can be specified by the server with a Content-Type header. This is the most generic type, and it tells the browser that the file is just arbitrary data - at which point the only thing the browser can do is download it in theory - we'll get to that.
When a Content-Type is not specified by the server and sometimes even when it is , the browser can perform what is known as sniffing to try to guess the type by reading the file and looking for patterns.
Upon receiving a file with an inline or unspecified disposition, the browser needs to try to open it within the browser if possible. To do this, it looks at the file type, and if it recognises the type it will try to open it.
Since it's supposed to be the most generic type, denoting an arbitrary stream of bytes, there isn't supposed to be any handler that can apply to all files of this "type". Some websites have also used non-standard types. To see how PDFs are handled, we can delve a bit into web history. See, in the past, browsers had no idea what a PDF is.
What are MIME types and how can I define them on my server?
So they could not open it. Those were most generically known as plugins. These plugins were capable of doing everything any other program could, and could additionally register themselves as a handler for a specific file type that might be otherwise unrecognised by the browser.
Incidentally, this was later found to be a huge security risk and support for these powerful plugins was gradually dropped Of course, after a number of security and performance issues caused by these plugins, the major browser vendors decided to incorporate their own PDF viewers while phasing out support for most plugins. There's actually still some leftover controls for this, e.
In the past, this would have allowed the choice between multiple plugins that registered that type. For example, the list of registered types for Flash:. Those days were also before a lot of the media support that came with HTML5. You would see plugins provided by media players like VLC or even Windows Media Player, or websites would embed a media player built in Flash.
I found an explanation.
For security reasons, most browsers do not allow setting a custom default action for such resources, forcing the user to store it to disk to use it. This instructs the browser to download the file, rather than to open it directly. There is a Chrome add-on that can override this behavior. The following image is from the Firefox developer tools:.
File types and download actions
The results are in! See what nearly 90, developers picked as their most loved, dreaded, and desired coding languages and more in the Developer Survey.
Home Questions Tags Users Unanswered. Why does Chrome sometimes download a PDF instead of opening it?Having uppercase characters in my filename caused Chrome to open the file in the in-browser PDF viewer but changing these to lowercase caused the file to download, as intended.
I want my files to be displayed in the browser and not downloaded.
Related A curious user could easily gain access to sensitive database connection information or other system data by entering something like? If you don't want the browser to prompt the user then use "inline" for the third string instead of "attachment". The PDF specification places no restrictions on types of files that may be embedded, so Hardy, et al.