Sunday, October 30, 2011

HTTP Header Manager Feature for SharePoint 2010

What is it?
This is a Web Application scoped feature that will strip HTTP response headers out of configured content.

WTH?
Ever forced to download your PDF after uploading it to a document library? Tried to embed a Shockwave/Flash file in a SharePoint 2010 page and have it not work? Then you searched for the solution and it was “just downgrade your server’s security level by changing the Web App’s file handling mode from strict to permissive”. Yeah – downgrading server security is always a great solution. Just make sure you add your SSN to the footer of every page. </sarcasm> Wrote a post on all this – you probably missed it… but that’s cool.

What it does is…

  • Adds a HttpModule to the web app it is activated in. I know, I know – performance blah blah. It is a very quick check to the requested file extension, so it should impact your precious pipeline minimally. Got a better way? Let me hear about it.
     
  • Adds a custom config section to the web.config of the web app. The section references an external configSource…
     
  • Adds a config file named ManagedHeaders.config to the root of the web app. This is where the action is – update this file to add new file types to be 'excluded’ from the strict mode handling.


Below is the default ManagedHeaders.config. Once it is in place, change it to be whatever you want. It is pretty self-explanatory – add an extension, then configure the headers to remove from the response. Also possible to add headers, but that is a different blog post… 

<?xml version="1.0" encoding="utf-8" ?>
<ManagedHeaders>
<extensions>
<add extension="html" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="pdf" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="swf" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="flv" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="csv" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
</extensions>
</ManagedHeaders>


The Files:
Below are links to a WSP as well as a Visual Studio 2010 project, in case you want to look at what is in the WSP, or make any changes.






2 comments:

  1. Hmmm... no comments and over 500 downloads of the code... Not even a 'this crappy code sucks' comment.

    Guess there more people out there like me than I thought!

    ReplyDelete
  2. Your blog has given me that thing which I never expect to get from all over the websites. Its very easy to understand and very helpful. Nice post guys!


    https://www.papdan.com/2017/10/02/node-js-understands-measures-http-timings/

    ReplyDelete