filename in Content-Disposition ignored in Chrome - google-chrome

I'm using a recent version of Chrome, and when I view a pdf in the browser I'd like to download the file.
When I attempt to download it, it is supposed to have the name "index.pdf".
However, when attempting to download the file I get a "Network Error" and the filename is "download" instead of "index.pdf".
These are the current headers I have for the chrome pdf plugin:
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Disposition: inline; filename=index.pdf
Content-Type: application/pdf;charset=iso-8859-1
Date: Fri, 07 Dec 2018 16:42:16 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

Related

Use Google Drive API with a device_code from tvOS

I'm trying to use the Google Drive API using a device_code from the Google API. In the documentation, the Google Drive scope doesn't seem to be listed:
https://developers.google.com/identity/protocols/OAuth2ForDevices#allowedscopes
However, on the exact same page, they have an example that uses the Google Drive API: https://developers.google.com/identity/protocols/OAuth2ForDevices#callinganapi
When I try connecting using any Google Drive scope, with the following request:
POST /o/oauth2/device/code HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: accounts.google.com
Connection: close
User-Agent: Paw/3.1 (Macintosh; OS X/10.12.4) GCDHTTPRequest
Content-Length: 136
client_id=clientid&scope=https://www.googleapis.com/auth/drive.readonly
I get this answer:
HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 23 May 2017 03:02:31 GMT
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alt-Svc: quic=":443"; ma=2592000; v="37,36,35"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: Close
{
"error" : "invalid_scope"
}
I'm just wondering, since there is a difference in the documentation, if it is or isn't possible to do it, and if I made a mistake or not.

Why am I not able to view the source of any js file in Google Chrome?

This one works:
view-source:http://code.jquery.com/jquery-2.0.3.min.js
This one does not:
view-source:http://pagead2.googlesyndication.com/pagead/show_ads.js
The network status is "canceled". Response headers:
HTTP/1.1 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=UTF-8
ETag: 18135184975683587730
Date: Thu, 11 Jul 2013 10:00:44 GMT
Expires: Thu, 11 Jul 2013 11:00:44 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Content-Encoding: gzip
Server: cafe
Content-Length: 6489
X-XSS-Protection: 1; mode=block
Age: 2014
Cache-Control: public, max-age=3600
Without "view-source" I'm able to download the file and view the source but I want to know why this happens.
A strange thing in addition is that it is not possible to open the web developer tools after opening this view-source url. If you do, the tools are completely blank:
I'm taking a guess here: it has to do with the Content-Disposition setting in the Response Header.
Reference: http://support.microsoft.com/kb/260519.

Is it possible to decrypt gzip information?

I am using Fiddler on Google and I noticed that a content type json is arriving as follows:
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2011 22:55:56 GMT
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: application/json; charset=UTF-8
Pragma: no-cache
Content-Disposition: attachment
Content-Encoding: gzip
Server: gws
Content-Length: 317
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
--some big big big big encoded stuff here...--
So the question is: can I use some tool or create some code to unzip this result and see what is inside of --some big big big big encoded stuff here...--?
It seems I can click on the request on the left panel, then choose on Fiddler right bottom panel, click on Transformer tab, uncheck Chunked Transfer-Encoding and click No Compression.
Then click on Raw tab.

Is there a way to make a GET request without getting the body of the content?

I'm trying to do HEAD requests to follow 302 links, however this link: http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNGrJk-F7Dmshmtze2yhifxRsv8sRg&url=http://www.mtv.com/news/articles/1647243/20100907/story.jhtml
is troublesome because a HEAD request returns a 200 OK and a GET request returns the expected 302 Status code.
So I'll need to do a GET request but I'd rather not have to pay for the extra bandwidth times that will come from getting the entire HTML document. Anyone know a hack to do a GET without getting the body returned?
UPDATE: took David's advice to do a Range header but they seem to still be ignoring it
GET /news/url?sa=t&fd=R&usg=AFQjCNGrJk-F7Dmshmtze2yhifxRsv8sRg&url=http://www.mtv.com/news/articles/1647243/20100907/story.jhtml HTTP/1.1
Range: bytes=0-10
x-ms-range: 0-600
Host: news.google.com
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=UTF-8
Location: http://www.mtv.com/news/articles/1647243/20100907/story.jhtml
Content-Length: 258
Date: Wed, 08 Sep 2010 20:28:16 GMT
Expires: Wed, 08 Sep 2010 20:28:16 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Set-Cookie: PREF=ID=ef5f1bc768645c5e:TM=1283977696:LM=1283977696:S=5n26IrEDpcQTJIb1; expires=Fri, 07-Sep-2012 20:28:16 GMT; path=/; domain=.google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
here.
</BODY></HTML>
File a bug with the web server's owner.
Try using the Range header in your request.
If that doesn't work, can you just hang up the connection after you get the headers you want?
In the specific example you cite, you could just pull it out of the original URL's "url" parameter. But for a more generic approach, I'd stick to David M.'s suggestions.
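The "hang up the connection after you get the headers" suggestion, as an added example that is not part of the original posts: the client sends a GET, reads only the status line and headers, and closes the socket without reading the body. The local server is a constructed stand-in that answers HEAD with 200 and GET with 302, mirroring the behaviour described in the question; its address, path and Location value are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in server: HEAD answers 200, GET answers 302 plus a body."""
    def do_HEAD(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        body = b"<html>302 Moved</html>" * 1000
        self.send_response(302)
        self.send_header("Location", "http://example.invalid/story")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        try:
            self.wfile.write(body)
        except OSError:
            pass  # the client hung up early, which is the point of the demo

    def log_message(self, *args):
        pass  # keep the demo quiet

def headers_only(host, port, path, method="GET"):
    """Send the request, read status line and headers, then close without the body."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path, headers={"Connection": "close"})
        resp = conn.getresponse()   # parses headers only; the body is still unread
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()                # hang up instead of calling resp.read()

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return (headers_only("127.0.0.1", port, "/news/url", "HEAD"),
                headers_only("127.0.0.1", port, "/news/url", "GET"))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Closing early only saves bandwidth when the body is large; a small body such as the 258-byte page in the question is usually already in flight by the time the headers have been parsed.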

Can I disable FF3 back button cache?

I found out that when pressing back button it gets previous page from browser cache even if I send following headers:
Test1.aspx
Server ASP.NET Development Server/9.0.0.0
Date Wed, 24 Mar 2010 17:49:40 GMT
X-AspNet-Version 2.0.50727
Location Test2.aspx
Cache-Control no-cache, no-store
Pragma no-cache
Expires -1
Content-Type text/html; charset=utf-8
Content-Length 189
Connection Close
Expires should be a date+timestamp, and Cache-Control's "must-revalidate" & "max-age" might help as well?
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Cache-control and such things only tell browser NOT to save in cache the downloaded stuff (js, css, images, etc.). It does not relate with the History of visited pages.
You shouldn't try to modify browser's data. Instead, you'd handle events and stop the ones you don't want to happen in your site.
For me the following setting in the header worked:
Pragma: no-cache
Cache-Control: no-cache, no-store
Expires: 0