Pragmatism in the real world

Sending a file to IE using SSL

I keep coming across this one, so I’m noting it here so I can find it again.

Internet Explorer doesn’t like certain headers related to caching when you send it a file from an SSL site. The Microsoft knowledge base article, Internet Explorer is unable to open Office documents from an SSL Web site explains the problem quite well:

When you attempt to open or download a Microsoft Office document (.doc file, .xls file, .ppt file, and so on) from a secure Web site in Internet Explorer, you may receive one of the following error messages, even though the document is available and downloaded from the server

It turns out that the problem is directly due to sending these headers:

Pragma: no-cache
Cache-control: no-cache,max-age=0,must-revalidate

So, make sure you don’t!

Incidentally, IE6 also gets upset if you set max-age to 0 and attachment to inline, so don’t do that either!