SharePoint Saturday 2012 Virginia Beach was great, like all of the SPSaturday’s in Virginia Beach before it.
I took this photo at the beginning of the kick off – a few minutes later, the seats in front of me were filled and people were standing along the walls.
Below is my HTML5 presentation. I welcome any and all feedback.
Some great advice here: http://www.codeproject.com/KB/sharepoint/debugging-sharepointjobs.aspx
…especially the part about restarting the timer service to see code changes take effect. So obvious… now! Would have saved me a plethora of time…
What is it?
This is a Web Application scoped feature that will strip HTTP response headers out of configured content.
WTH?
Ever forced to download your PDF after uploading it to a document library? Tried to embed a Shockwave/Flash file in a SharePoint 2010 page and have it not work? Then you searched for the solution and it was “just downgrade your server’s security level by changing the Web App’s file handling mode from strict to permissive”. Yeah – downgrading server security is always a great solution. Just make sure you add your SSN to the footer of every page. </sarcasm> Wrote a post on all this – you probably missed it… but that’s cool.
What it does is…
Below is the default ManagedHeaders.config. Once it is in place, change it to be whatever you want. It is pretty self-explanatory – add an extension, then configure the headers to remove from the response. Also possible to add headers, but that is a different blog post…
<?xml version="1.0" encoding="utf-8" ?>
<ManagedHeaders>
<extensions>
<add extension="html" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="pdf" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="swf" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="flv" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="csv" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
</extensions>
</ManagedHeaders>
The Files:
Below are links to a WSP as well as a Visual Studio 2010 project, in case you want to look at what is in the WSP, or make any changes.
So you got your site migrated to 2010 and were crazy enough to include Flash and PDF content. Have your testers tried clicking on links to those files yet? Or worse, looked at a page with embedded objects that link to those file types? If so, you have probably discovered that those files are on the SharePoint 2010 naughty list and are no longer served as inline content. While I suspect that this may be a subtle form of revenge from MS directed at Adobe (cannot help but like this), it would be way better if there was some way we could control it…
If you Google this issue, many people proudly report (in their blogs) the solution to be changing the Browser File Handling mode from ‘Strict’ to ‘Permissive’ for the web application:
Browser File Handling
You can specify whether additional security headers are added to documents that are served to Web browsers. These security headers specify that a browser shows a download prompt for certain types of files (for example, .html), and to use the server's specified Multipurpose Internet Mail Extensions (MIME) type for other types of files.
The Permissive setting specifies that no headers are added. The Strict setting adds headers that force the browser to download certain types of files. The forced download improves security for the server by disallowing the automatic execution of Web content. By default, the setting is Strict.ref: http://technet.microsoft.com/en-us/library/cc262107.aspx
Am I the only one who has a problem with downgrading a SharePoint security setting like this? Apparently so.
To resolve this, here is what I did so that an application may server PDF and Flash (and any other specific content) inline while remaining in strict mode for all other content currently on the ‘no inline’ list:
1. Create a Feature that deploys a new HttpModule in IIS. Say what you want about how they inspect every request, do it right and the impact is almost undetectable.
2. Within that HttpModule, check the current requested file’s extension.
3. Using a custom configuration section, allow a set of ‘handled’ extensions to be defined, along with a set of HTTP headers to be removed.
4. Deploy your solution and add in sections to remove the X-Download-Options, X-Content-Type-Options, Content-Disposition headers from FLV, PDF, and SWF files
Simple. Here is an example of what one of our config files looks like to allow PDF, SWF, and FLV files to be served inline:
<add extension="pdf" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="swf" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
<add extension="flv" removedHeaders="X-Download-Options;X-Content-Type-Options;Content-Disposition" />
As you might be able to tell, the solution also allows you to add headers to a specific file type, which would let you add to SharePoint’s inline naughty list if you should some day have a need for it.
If you are reading this and say to yourself ‘Hmmm – this sounds useful, sure wish I had the code for it…’ then you are in luck – just leave a comment and the code shall be posted!! Otherwise, I ain’t going to bother with it – already bothered enough firing up Live Writer to post this post.
[Update!] I finally got around to posting the files! They are at the bottom if this post here.
So there I was, moving a 2007 Web from a site collection in a 2007 Farm to a site collection in a 2010 Farm [Some day I will get around to a long post about that – don’t hold your breath though] and I was going through the differences between the 2007 web and the 2010 web with a fine toothed comb (aka custom utility I wrote up for the purpose) when I found a difference in list templates:
2007 Web
<listTemplate Name="Document Library" BaseType="DocumentLibrary" CategoryType="Libraries" Description="Create a document library when you have a collection of documents or other files that you want to share. Document libraries support features such as folders, versioning, and check out." DocumentTemplate="101" FeatureId="00bfea71-e717-4e80-aa17-d0c71b360101" Hidden="False" InternalName="doclib" IsCustomTemplate="False" Type="DocumentLibrary" Unique="False" />
2010 Web
<listTemplate Name="Document Library" BaseType="DocumentLibrary" CategoryType="Libraries" Description="A place for storing documents or other files that you want to share. Document libraries allow folders, versioning, and check out." DocumentTemplate="121" FeatureId="00bfea71-e717-4e80-aa17-d0c71b360101" Hidden="False" InternalName="doclib" IsCustomTemplate="False" Type="DocumentLibrary" Unique="False" />
See the difference? You should, since I highlighted it and all. Yes, the descriptions are also different, but I think you are safe from that difference causing widespread problems...
Having different doc templates for the doc library lists warranted some further investigation – just to make sure this was not going to be an issue. So checking into the document templates referenced by each, we have:
Template 101
<DocumentTemplate Path="STS" DisplayName="$Resources:core,doctemp_Word97;" Type="101" Default="TRUE" Description="$Resources:core,doctemp_Word97_Desc;">
Template 121
<DocumentTemplate Path="STS" DisplayName="$Resources:core,doctemp_Word;" Type="121" Default="TRUE" Description="$Resources:core,doctemp_Word_Desc;">
Result: Rather than have SharePoint 2010 date itself (2010 is last year at the time of this writing), it now shows the generic ‘Microsoft Office Word document’ as the type name, as opposed to ‘Microsoft Office Word 97-2003 document’. So this turns out to be a welcome change and a good idea – especially when it is 2015 and I am deploying SP 2010 to a datacenter on the moon (dark side of course).
This has come up multiple times now – so recording it for posterity:
Having VMWare Server based development workstations is usually great for controlling a SharePoint development environment. On several occasions a new VM for SharePoint 2010 development (Windows Server 2008 R2, Visual Studio 2010, SharePoint 2010) has frozen on us. And not frozen as in “it is all slow because the host is low on resources” – frozen as in “will be uncovered by alien scientists in a few thousand years who will recreate a scene with it’s adopted mother” (AI was interesting, if nothing else, right?)
So looking at all the usual suspects proved fruitless in the usual way: VMWare tools was installed and up to date. Physical disk was fine, as were the virtual ones. No viruses or malware detected. This all would have been too easy.
I stumbled upon the answer by observing that the machine still had a heartbeat once frozen – there was just no way to interact with it (including pause/shutdown commands) – but there were a few things that indicated life – network activity, CPU cycles, etc. So that narrowed the focus to video. Like I mentioned before, VMWare tools was installed and up to date – the VM was also using the VMWare SVGA II adapter.
Disable video hardware acceleration.
If you think about it, it makes sense that you would not have hardware acceleration enabled within a VM. Problem is, these were all clean vanilla installs – so it was defaulting to a hardware acceleration configuration. If you think about it more, having hardware acceleration on should NOT cause a complete video freeze within a VM, since in theory the hardware ‘exists’ – it is just virtual is all.
In case you are wondering how to get to the place to view and modify video hardware acceleration, it is a little hidden in Windows 2008 R2:
This was some strange behavior: The ‘E-mail A Link’ option in the ECB – or whatever the SharePoint 2010 name for ‘context menu’ is – was opening up the email client (in this case Outlook 2010) with a new email that contained the word ‘Sample’ – no link to the document, just the word ‘Sample’.
I will not reveal that in 2010 that the ‘E-mail a Link’ action results in a round trip to the server for no good reason (oops) – but I will reveal that it is this round trip that caused the issue.
Since WCF is messing with you again just because you probably wanted a site with multiple authentication schemes and did not want the headache of extending the site, add this to the site’s root web.config to make WCF clam up:
<configuration>
<system.web>
…
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>
</configuration>
That is strike #3,9343,091, WCF!!!
BTW, this also had the nice side effect of fixing SPDesigner 2010 access to the site. Once change in place, SPDesigner could access the site.
