Chrome, pdf display, Duplicate headers received from the server

Question

I have a section on a website where I display a pdf inside a light box. The recent chrome upgrade has broken this displaying:

Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple Content-Disposition headers received. This is disallowed to protect against HTTP response-splitting attacks.

This still works correctly in IE.

I'm using ASP.NET MVC3 on IIS6

The code I use to generate the file is as follows.

If I remove the inline statement then the file downloads, however that breaks the lightbox functionality.

Problem Code

public FileResult PrintServices()
{
    //... unrelated code removed
    MemoryStream memoryStream = new MemoryStream();
    pdfRenderer.PdfDocument.Save(memoryStream);
    string filename = "ServicesSummary.pdf";

    Response.AppendHeader("Content-Disposition", "inline;");

    return File(memoryStream.ToArray(), "application/pdf", filename);
}

---

The Fix

Remove

Response.AppendHeader("Content-Disposition", "inline;");

Then Change

return File(memoryStream.ToArray(), "application/pdf", filename);

to

return File(memoryStream.ToArray(), "application/pdf");

Answer 1

This solution will preserve filename AND open file in browser (.net mvc)

Response.Headers["Content-Disposition"] = "inline;filename=\"" + theFile.filename + "\"";
return File(filePath, mimeType);//don't specify filename. It will create second Content-Disposition header

Answer 2

I was having the same issue and fixed it by just removing the file name from the return statement.

Change:

 return File(outStream.ToArray(), "application/pdf", "Certificate.pdf");

to:

 return File(outStream.ToArray(), "application/pdf");

And KEPT the:

Response.AddHeader("content-disposition", "attachment;filename=\"" + "Certificate.pdf" + "\"");

This still keeps the name for the downloaded file.

Answer 3

My issue was due to the double quote as shown below:

var encoding = System.Text.Encoding.UTF8;

*Response.AddHeader("Content-Disposition", string.Format("attachment; filename=**\"{0}\"**", HttpUtility.UrlEncode(file, encoding)));*

Changing the above to this worked!

*Response.AddHeader("Content-Disposition", string.Format("attachment; filename=**{0}**", HttpUtility.UrlEncode(file, encoding)));*

Answer 4

to fix this for any file type with a custom file name remove the (or similar headers)

Response.AppendHeader("Content-Disposition", "inline;");

and add

string fileName = "myfile.xlsx"
return File(fileStream, System.Web.MimeMapping.GetMimeMapping(Path.GetFileName(filePath)), fileName);

you can also use the filepath instead of a stream in the first parameter

Answer 5

I used @roryok's comment, wrapping the filename in quotes:

Response.AddHeader("content-disposition", "attachment; filename=\"" + FileName + "\"")

@a coder's answer of using single quotes did not work as expected in IE. The file downloaded with the single quotes still in the name.

Answer 6

Had this problem today. Per roryok and others, the solution was to put the filename in quotes.

Previous, Chrome FAIL:

header("Content-Disposition: attachment; filename=$file");

Current, Chrome OK:

header("Content-Disposition: attachment; filename='$file'");

Note the quotes around $file.

Answer 7

The solution above is fine if you don't need to specify the filename, but we wanted to keep the filename default specified for the user.

Our solution ended up being the filename itself as it contained some commas. I did a replace on the commas with "" and the file now delivers the document as expected in Chrome.

FileName = FileName.Replace(",", "")

Response.ContentType = "application/pdf"
Response.AddHeader("content-disposition", "attachment; filename=" & FileName)    
Response.BinaryWrite(myPDF)