Browser File Handling was introduced in SharePoint 2010 as a security feature, and the same applies to SharePoint 2013. When a user requests a file within SharePoint, the web server (IIS) will include an HTTP response header in its response if Browser File Handling is set to Strict and the file (MIME) type accessed is not on the Web Application's trusted file (MIME) type list. This header works in conjunction with Internet Explorer (version 8 or higher) to prevent potential security risks when accessing files online and will stop files from being directly opened.
Browser File Handling Options
There are two options for Browser File Handling – “Strict” and “Permissive”.
1) “Strict” specifies that MIME types which are not listed in a Web Application’s AllowedInlineDownloadedMimeTypes property (more on this in a bit) are forced to be downloaded.
2) “Permissive” specifies that HTML and other content types which might contain script are allowed to be displayed directly in the browser. In other words, no matter what the type of content, if it lives within SharePoint, the file will open in your browser.
Managing Browser File Handling
It is important to note that a Browser File Handling property (BrowserFileHandling) exists in the following locations:
- Each Web Application has a Browser File Handling Property
- Each List has a Browser File Handling Property
- Each Document Library has a Browser File Handling Property
- Each IIS Server has a Browser File Handling Property that applies when Blob Cache is used on that server
Security Guidance and Overall Recommendation
It is recommended that for all Web Applications, you keep the default Browser File Handling setting – Strict. This promotes the best security practice, and if you require MIME type exceptions, add the specific MIME type to your Web Application’s AllowedInlineDownloadedMimeTypes property list.
For example, if you want PDF files to be opened directly, you can use PowerShell to add the PDF MIME type to AllowedInlineDownloadedMimeTypes.
To do this for a single Web Application, use the following lines of code:
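# Run in the SharePoint Management Shell as a farm administrator
$webApplication = Get-SPWebApplication "http://yourwebapplicationurl"
# Allow PDFs to open inline while the Web Application stays in Strict mode
$webApplication.AllowedInlineDownloadedMimeTypes.Add("application/pdf")
$webApplication.Update()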
This is the best practice for allowing the MIME type for a PDF in a SharePoint environment.
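Before adding exceptions, it helps to see where the setting already deviates from Strict. The following read-only audit is an added example, not code from the original post: it reports each Web Application's BrowserFileHandling value and inline-allowed MIME types, plus any list or document library that is not set to Strict. The function name Get-BrowserFileHandlingReport is hypothetical; it assumes a farm server with the SharePoint snap-in and farm administrator rights.

```powershell
# Added example: read-only audit of Browser File Handling across the farm.
# Assumes it runs on a SharePoint 2010/2013 farm server as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-BrowserFileHandlingReport {
    foreach ($wa in Get-SPWebApplication) {
        # Web Application level: the mode and the MIME types allowed inline
        [pscustomobject]@{
            Scope    = 'WebApplication'
            Url      = $wa.Url
            Handling = $wa.BrowserFileHandling
            Detail   = ($wa.AllowedInlineDownloadedMimeTypes -join ', ')
        }
        foreach ($site in Get-SPSite -WebApplication $wa -Limit All) {
            try {
                foreach ($web in $site.AllWebs) {
                    try {
                        foreach ($list in $web.Lists) {
                            # Report only lists and libraries that are not Strict
                            if ($list.BrowserFileHandling -ne 'Strict') {
                                [pscustomobject]@{
                                    Scope    = 'List'
                                    Url      = "$($web.Url)/$($list.RootFolder.Url)"
                                    Handling = $list.BrowserFileHandling
                                    Detail   = $list.Title
                                }
                            }
                        }
                    }
                    finally { $web.Dispose() }   # release SPWeb objects
                }
            }
            finally { $site.Dispose() }          # release SPSite objects
        }
    }
}

# Nothing is modified; the report is only displayed.
Get-BrowserFileHandlingReport | Format-Table -AutoSize -Wrap
```

Any Web Application row showing Permissive, or an unexpectedly long MIME type list, is a candidate for review against the Strict recommendation above.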
Note: At times this can be a browser setting as well.
Open Internet Explorer, and choose Tools > Manage Add-ons.
Under Add-on Types, select Toolbars and Extensions.
In the Show menu, select All Add-ons.
In the list of add-ons, select Adobe PDF Reader.
Click the Enable or Disable button (it toggles depending on the status of the selected add-on):
- Enable sets the Adobe PDF Reader add-on to open PDFs in the browser.
- Disable turns off the add-on so it does not open PDFs in the browser.
References:
https://sites.google.com/site/sharepointhill/tutorials/mssp/open-file-forces-save-fix
https://helpx.adobe.com/acrobat/using/display-pdf-in-browser.html