Sunday, July 8, 2012

Unable to Open PDF Directly from SharePoint 2010


After installing SharePoint 2010 your users may find that they can no longer open PDF files and are instead forced to save them to their local machine.

In Internet Explorer 8 Microsoft added a security feature to prevent script injection vulnerabilities caused by buggy client software. This feature is activated by a new HTTP header called X-Download-Options which can be set to noopen. When that header is passed with a file attachment Internet Explorer 8 will not provide the option to directly open the file, instead you must first save the file locally and then open it.

SharePoint 2010 utilizes this enhanced security feature in IE 8 to block the opening of file types it considers vulnerable to scripting or other attacks, such as PDFs. You can modify SharePoint's behavior by changing the Browser File Handling option in the Web Application General Settings of SharePoint 2010. Your options are permissive and strict, with strict being the default.

If your users demand that they open files directly from the web and you are willing to permit the additional security risk you can easily make this modification to your SharePoint web applications

If templates were created when your browser file handling for the web application was set to strict then document libraries within the template will also be strict. A document library has a BrowserFileHandling property of its own that and it inherits this from the web application. When you create a template, this property is included - so your template likely has the BrowserFileHandling property set to strict. When a new document library is created with this template, the BrowserFileHandling property is strict even though the web applications BrowserFileHandling property is set to Permissive in Central Adminsitration.

To correct the BrowserFileHandling issue for document libraries that have been created from a template see this post where I offer a solution to correct this via PowerShell. Also, it would be a good idea to recreate your template to mitigate this issue in the future

First we need to switch the browser File handling option to Permissive which the option is set to Strict by default. To do this follow the following steps:

    • In Central Administratrion click on manage web applications
    • Click on the web application and then click on general settings and then general settings again
    • Scroll down until you see the option browser file handling on the left hand side and then select the option Permissive

This will resolve the problem in most cases but if you find it doesnt resolved the problem for the whole website you will need to use powershell to change the permission to the whole site. Use the following powershell script to do this

Add-PSSnapin Microsoft.SharePoint.Powershell
$site = Get-SPSite(“http://mysubsitecollectionurl”)
$web = $site.OpenWeb()

foreach ($list in $Web.Lists) { if($list.title -match "Documents") { if($list.browserfilehandling -eq "Strict") { $list.browserfilehandling = "Permissive"; $list.update(); $site.url, $list.title, $list.browserfilehandling} } }

The script above will set the option of permissive to the whole site.

$webapp = Get-SPWebApplication http://” “
#Add PDF to allowed MIME type list

No comments:

Post a Comment