PDF reader Fails to Save Sensitive PDF Documents Due to Second Download Attempt


Summary

The PDF reader in Microsoft Edge does not handle sensitive PDF documents as expected. Microsoft Edge attempts to download the PDF document a second time when you try to save the PDF document to the desktop.

 

Use case

A website offers the PDF files with a secure one-time-use-only URL, for example:

https://secure.example.com/my/site?fileId=866e0a76a298781c8f58c6e5cd34

 

1. When the user opens the document from a website, the following HTTP response header/body is sent to Microsoft Edge:

 

HTTP/1.1 200 OK
Date: Fri, 03 Sep 2021 10:35:31 GMT
Server:
Cache-Control: no-cache, no-store, max-age=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Disposition: inline; filename=mypayslip.pdf; size=8521
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Keep-Alive: timeout=15
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/pdf
Content-Language: en

e83
%PDF-1.4
5 0 obj
<<
/Type /XObject
...

 

2. The PDF reader in Microsoft Edge shows the PDF document directly in the browser UI (default behavior).

3. You click on the Save icon of the PDF viewer to save the payslip locally on the desktop.
4. For the 2nd time, Microsoft Edge *again* downloads the document with the same URL:
GET https://secure.example.com/my/site?fileId=866e0a76a298781c8f58c6e5cd34
--> The website does not allow this action as the URL is a one-time use only. Because of that, the HTTP response contains an HTML error page instead of the actual PDF document.

5. The PDF reader will still propose to Save the file with a filename of "site.html" but you'll not be saving the payslip. Instead, you're saving an HTML page.

 

Conclusion

It is not possible to save the PDF document to the desktop when using the PDF reader of Microsoft Edge, using the default setup of Microsoft Edge.

 

"Workaround" (because not really)

The only workaround for this is *not* using the internal PDF reader of Edge, but letting Microsoft Edge download the PDF file instead:

  1. Open Edge Settings and more (Alt+F)
  2. Choose Cookies and site permissions in the left sidebar
  3. In section “All permissions”, click on PDF documents
  4. Enable the option “Always download PDF files”

This is obviously not desirable as you won't be able to use the internal PDF viewer anymore.

 

Points of Interest

Two interesting observations

  1. Saving the PDF document triggers the second download attempt. However, if you try to print the document there is NO second download attempt. Both are processing the entire PDF document so why would these behave differently?
  2. Mozilla Firefox ESR 78.x and 91.x using their internal PDF viewer do *NOT* show the same behavior. The PDF document is only downloaded once, and saving it from their internal PDF viewer saves the mypayslip.pdf file as expected.

Final Comments

In summary, why does Microsoft Edge try to download the PDF document twice from the website? The entire document is already downloaded and available in the browser. Other browsers like Mozilla Firefox behave better than Microsoft Edge with exactly the same HTTP response headers.

 

I'd love to hear whether the behavior of PDF reader in Microsoft Edge is expected or not. Is this in accordance with the RFC specifications for the given HTTP response headers? Secondly, are there any changes to the HTTP response headers that could avoid the 2nd download attempt, while keeping the HTTP header "Cache-Control: no-cache, no-store, max-age=0" part of the HTTP response header?

1 Reply
Any further thoughts or comments on this issue?

In short: how can enterprise applications serve sensitive PDF files (e.g. payslips) to the browser in the most secure way AND ensure that Chrome's internal PDF viewer can save the PDF file to the client WITHOUT the need to download the same PDF file a second time?
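
The open-then-save sequence from steps 1 to 5 of the original post, reproduced as an added example (not part of the post or the reply, and not Edge's or the website's code). `OneTimeFileServer` and both response bodies are constructed, and the fallback naming rule (last URL path segment plus an extension from the Content-Type) is an assumption chosen to match the "site.html" name reported in step 5; `is_real_pdf` is the kind of check a regression test can apply to what a viewer would actually save.

```python
from urllib.parse import urlsplit, parse_qs

PDF_BYTES = b"%PDF-1.4\n5 0 obj\n<<\n/Type /XObject\n>>\n"   # constructed stub, not a full PDF
ERROR_HTML = b"<html><body>Link already used</body></html>"  # constructed error page

class OneTimeFileServer:
    """Hypothetical server: each fileId is valid for exactly one GET."""
    def __init__(self, file_ids):
        self.unused = set(file_ids)

    def get(self, url):
        file_id = parse_qs(urlsplit(url).query).get("fileId", [""])[0]
        if file_id in self.unused:
            self.unused.discard(file_id)  # the first request consumes the token
            return {
                "Cache-Control": "no-cache, no-store, max-age=0",
                "Content-Disposition": "inline; filename=mypayslip.pdf",
                "Content-Type": "application/pdf",
            }, PDF_BYTES
        # Any later request for the same fileId gets an HTML error page instead
        return {"Content-Type": "text/html"}, ERROR_HTML

def media_type(headers):
    return headers.get("Content-Type", "").split(";")[0].strip().lower()

def suggested_filename(url, headers):
    """Content-Disposition filename if present, else URL path segment + type (assumed rule)."""
    for part in headers.get("Content-Disposition", "").split(";")[1:]:
        key, _, value = part.strip().partition("=")
        if key.lower() == "filename":
            return value.strip('"')
    stem = urlsplit(url).path.rstrip("/").rsplit("/", 1)[-1] or "download"
    ext = {"application/pdf": ".pdf", "text/html": ".html"}.get(media_type(headers), "")
    return stem + ext

def is_real_pdf(headers, body):
    """True only if the response is declared as PDF and starts with the PDF magic bytes."""
    return media_type(headers) == "application/pdf" and body.startswith(b"%PDF-")

def open_then_save(server, url):
    """Step 1 (viewer displays the response) followed by step 4 (Save re-requests the URL)."""
    view = server.get(url)
    save = server.get(url)
    return [(suggested_filename(url, h), is_real_pdf(h, b)) for h, b in (view, save)]

if __name__ == "__main__":
    url = "https://secure.example.com/my/site?fileId=866e0a76a298781c8f58c6e5cd34"
    print(open_then_save(OneTimeFileServer({"866e0a76a298781c8f58c6e5cd34"}), url))
```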