SharePoint 2010 default security does not let you open PDF Files, use permissive browser file setting to fix

0 0 votes

SharePoint 2010 default security does not let you open PDF Files, use permissive browser file setting to fix

by Mark Hazleton on 06/14/2010 07:51 0 comments , 803 views

When serving up Adobe Acrobat files (a.k.a. PDF) from your SharePoint 2010 server, you will not be able to open the file in your browser unless you tweak the default settings for “Browser File Handling” on the web application general settings.

thank to Michael Hacker for finding and documenting this feature.

Clipped from mphacker.spaces.live.com

Unable to Open PDF Directly from SharePoint 2010

In Internet Explorer 8 Microsoft added a security feature to prevent script injection vulnerabilities caused by buggy client software. This feature is activated by a new HTTP header called X-Download-Options which can be set to noopen. When that header is passed with a file attachment Internet Explorer 8 will not provide the option to directly open the file, instead you must first save the file locally and then open it.

SharePoint 2010 utilizes this enhanced security feature in IE 8 to block the opening of file types it considers vulnerable to scripting or other attacks, such as PDFs. You can modify SharePoint’s behavior by changing the Browser File Handling option in the Web Application General Settings of SharePoint 2010. Your options are permissive and strict, with strict being the default.

If your users demand that they open files directly from the web and you are willing to permit the additional security risk you can easily make this modification to your SharePoint web applications.