
Why does Google Chrome sometimes warn that a downloaded PDF can harm your computer?

We have a web site that makes several PDFs available for download. The PDFs might be static, or dynamically generated. They are downloaded using one of several mechanisms (static-URL, post back/redirect/meta-refresh/etc.). For certain PDF files, Chrome downloads them without complaint. For others, it warns the user that "This type of file can harm your computer. Are you sure you want to download ..." and requires an extra click.

What information is Chrome using to decide whether to show the message? Obviously, it's not simply the fact that the file is a PDF.

To be clear, I want to do something on the server side (we use IIS/ASP.NET, if it matters) to prevent the message from ever appearing. I'm not interested in a solution that has each user disable the message in their browser (if that's even possible).

Thank you.

like image 330
Greg Smalter asked Apr 05 '11 14:04



3 Answers

TL;DR: Chrome has a variety of client-side heuristics used to determine a file's safety. I don't believe there's anything you can do to ensure that a file is marked "safe", but I'll point at some things that might help.


A good amount of logic goes into determining whether or not that prompt should be shown. Happily, Chromium is open source, so that logic is available for you to peruse. I'm not incredibly familiar with the download code, but the best place to start would almost certainly be ChromeDownloadManagerDelegate::IsDangerousFile. That ends up calling out to download_util::GetFileDangerLevel and download_util::IsExecutableMimeType which seem to be where the checks against mime types and paths live.

Based on a quick read, I'd imagine that the redirects are at least part of the cause, as those aren't directly related to a user gesture. Clicking directly through to the download is "safer" in this context than clicking on something, and being redirected through a variety of trackers and dispatchers, as the user can't be expected to follow along.

The heuristic also takes into account whether you've been to a particular URL or domain before; that could also have an impact on certain files showing up as "safe" and others not.

like image 71
Mike West answered Sep 20 '22 08:09


You could try content-disposition: inline instead of content-disposition: attachment (see http://code.google.com/p/chromium/issues/detail?id=65895)

like image 21
gpothier answered Sep 18 '22 08:09
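
An added example, not part of either answer and not Chromium's own logic: a Python check that walks a recorded download chain and lists the factors the answers above name (redirect hops before the file, MIME type and path checks, `Content-Disposition`). The hop format, the sample chains and the `audit_download` helper are constructed for illustration, and which of these factors actually triggers the prompt is an assumption.

```python
from email.message import Message
from pathlib import PurePosixPath
from urllib.parse import urlparse

def disposition(headers):
    """Parse Content-Disposition into (type, filename); either may be None."""
    msg = Message()
    if "Content-Disposition" in headers:
        msg["Content-Disposition"] = headers["Content-Disposition"]
    return msg.get_content_disposition(), msg.get_filename()

def audit_download(chain):
    """chain: hops from the clicked URL to the final file response (assumed format)."""
    *hops, final = chain
    findings = []
    indirect = [h for h in hops if 300 <= h["status"] < 400 or h.get("meta_refresh")]
    if indirect:
        findings.append(f"{len(indirect)} redirect/meta-refresh hop(s) before the file")
    ctype = final["headers"].get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/pdf":
        findings.append(f"Content-Type is {ctype or 'missing'}, not application/pdf")
    kind, name = disposition(final["headers"])
    if kind == "attachment":
        findings.append("Content-Disposition is attachment, not inline")
    # Assumption: the path check looks at the extension of the saved file name.
    ext = PurePosixPath(name or urlparse(final["url"]).path).suffix.lower()
    if ext != ".pdf":
        findings.append(f"file name ends in {ext or 'no extension'}, not .pdf")
    return findings

# Constructed sample chains (example.test is a placeholder host).
DIRECT = [{"url": "https://example.test/docs/guide.pdf", "status": 200,
           "headers": {"Content-Type": "application/pdf",
                       "Content-Disposition": 'inline; filename="guide.pdf"'}}]
REDIRECTED = [
    {"url": "https://example.test/GetReport.aspx?id=7", "status": 302,
     "headers": {"Location": "/wait.html"}},
    {"url": "https://example.test/wait.html", "status": 200,
     "headers": {"Content-Type": "text/html"}, "meta_refresh": True},
    {"url": "https://example.test/Download.ashx?id=7", "status": 200,
     "headers": {"Content-Type": "application/octet-stream",
                 "Content-Disposition": 'attachment; filename="report.pdf"'}},
]

if __name__ == "__main__":
    for label, chain in (("direct", DIRECT), ("redirected", REDIRECTED)):
        print(label, audit_download(chain) or "nothing flagged")
```

Running it against the response chains of the PDFs that do and do not trigger the prompt shows which of these factors differ between the two groups.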

