3 Replies Latest reply on Feb 6, 2018 8:50 AM by Jason Glass

    MIME type returned for Office Documents recognized at ZIP in Internet Explorer 8 and lower

    Windward Admin Newbie

      Hello,

       

      We have several clients reporting that a file stream that is returned from our application for MS Office filetypes (DOCX, XLSX and PPTX) is interpreted in Internet Explorer 8 as a ZIP file instead of the appropriate MS Office MIME types.   In Chrome, Safari, Firefox and IE 9.X and above the MIME type is interpreted correctly.

       

      After some research I have found that MIME sniffing is used to interpret the first few bytes of the incoming filestream. 

       

      My question is how can I alter the JBoss server in accordance with the articles from Microsoft below to allow for this MIME type exception?  The article states that a custom X-Content-Type-Options:nosiff HTTP header request needs to be added to the JBoss server.

       

      We are using JBoss 4.2.3

       

      How to add a custom HTTP Response Header to JBoss

      https://community.jboss.org/message/621370


      This post in the JBoss forums alludes to manipulating the WAR file of the application to create application specific rules for exceptions.

       

      https://community.jboss.org/wiki/DisableCacheControl

       

      This is the article for HTTPS connections with the same issue on the MS Website and how to add this header to an MS Server.

       

      http://support.microsoft.com/?id=316431

       

      From the information in the MS article and the information in the JBoss forum on how to translate adding a MS Custom HTTP Header to a JBoss application, I believe the same steps can be taken to add the header request I sent earlier “X-Content-Type-Options: nosniff” as well as adding the DisableCacheControl if our clients are using HTTPS connections to the app.


      Common non-standard response headers[edit]

      Field name

      Description

      Example

      X-Content-Type-Options[33]

      The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions.[34]

      X-Content-Type-Options: nosniff


       

          --The Windward Team