SharePoint 2010 treats PDF (and other file types) as insecure

The problem

In SharePoint 2010, SharePoint web applications (thus this is a per ‘url’ setting, for content, My Sites, etc.) ‘browser file handling’ is set to ‘strict’ be default.


The Result

When you try to open a PDF (or other file types), you will have the option to open to read/edit but then be immediately prompted to save the file.


Figure 1 – Looking good and then…


Figure 2 – Oh Crap


The Fix

Should you want to turn off this behaviour (starting with strong security is good, but 1000 whining end users will likely overcome this setting), do the following:

  • In Central Administration / Application Management / Manage Web Applications

Figure 3 – Open Web Applications in Application Management


Figure 4 – Select the Web Application and choose General Settings


Figure 5 – set to Permissive and click Ok


An IISRESET, etc. is not necessary.


About Browser File Handling

Specifies whether additional security headers are added to documents served to web browsers. These headers specify that a browser should show a download prompt for certain types of files (for example, .html) and to use the server’s specified MIME type for other types of files.

  • Permissive Specifies no headers are added, which provides a more compatible user experience.
  • Strict Adds headers that force the browser to download certain types of files. The forced download improves security for the server by disallowing the automatic execution of Web content that contributors upload.


Original Reference:

One response to “SharePoint 2010 treats PDF (and other file types) as insecure

Comments are closed.