When you try to open or to download an active document over
SSL, you can use one the following methods to prevent permanent client-side
caching. The solutions listed here only work when you try to open or to
download the active document as a result of a POST request or by clicking a
hyperlink on a Web page.
- Change security settings in Microsoft Internet Explorer. To
do this, follow these steps:
- On the Tools menu, click
Internet Options.
- On the Advanced tab, scroll to
Security, and then click to select the Do not save
encrypted pages to disk check box.
- Add a Cache-control: no-store HTTP header to the response message.
- You can also add the Cache-control: no-cache HTTP header to the response message. Currently, when you add the Cache-control: no-cache header, the download fails.
Internet Explorer must save the file to the local cache to
enable the associated application to load the file. Temporary client caching of
active documents has only been implemented for hyperlink or for POST request
scenarios to allow the associated application to load the documents. Therefore,
if you use the above methods and try to open or to download the active document
directly by typing the URL of the document in the Internet Explorer Address
bar, the download fails.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
316431
Internet Explorer is unable to open Office documents from an SSL Web site
A fix is available to allow Internet
Explorer to open or to download the active document directly by typing the URL
of the document in the Internet Explorer Address bar and to prevent caching
when the above methods are used. This fix also corrects the behavior with the
Cache-Control: no-cache HTTP header.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
812935
"Internet Explorer cannot download" error message when you use an HTTPS URL to open an Office document or PDF file
If this fix is installed, you can use the
three solutions that are discussed in the article to prevent caching when you
try to open or to download an active document as a result of a POST request, by
clicking a hyperlink, and by directly browsing to the URL of the active
document. This will be the default behavior from Internet Explorer 6.0 Service
Pack 2 (SP2).
Another similar fix is available to allow Internet
Explorer to open or to download the active document when Cache-Control headers
are used to prevent caching. Please note that this fix only works with the
Cache-Control: no-cache and the
Cache-Control: no-store HTTP headers. However, the download fails with the client side
setting "Do not save encrypted pages to disk" when browsing to the URL of the
active document directly.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
323308
Internet Explorer file downloads over SSL do not work with the cache control headers
The only difference between the 812935 hotfix and
the 323308 hotfix is that the 323308 fix sets the following registry key with a
DWORD
value of 1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\BypassSSLNoCacheCheck
By default, this registry key is added when you install the 323308
hotfix. Also, by default, the
BypassSSLNoCacheCheck
registry value is
not set if you install a security update (MS04-004) that upgrades Wininet to
version 6.0.2800.1400 or later.