Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Download with RequestHandler doesn't work in Internet Explorer

Werner Hahn
7 years ago Sep 29, 2015 3:34pm
Werner Hahn
7 years ago Oct 12, 2015 8:30am

The problem was our upgrade to Spring Security 4 from 3. Beginning with this version, the headers configuration defaults to true. This adds at least the following headers:

  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • X-XSS-Protection: 1; mode=block

Disabling the headers as described in the linked document fixes the download again. It's totally unclear to me whether this is caused by problems in IE or the other browsers, i.e., is IE right or wrong to reject the download when the headers are present. Or maybe the interpretation of those headers is fuzzy...