SOLVED

SharePoint Server: is the Browser File Handling obsolete today with Chrome & Edge?

Copper Contributor

For SharePoint Server 2016+:

 

Is the Browser File Handling setting (Strict/Permissive) obsolete in today's world with Chromium-based browsers?

 

The feature is built on the HTTP Response Header “X-Download-Options: noopen” - is that valid for modern browsers?

 

Thanks!

2 Replies
best response confirmed by Green_Arrow (Copper Contributor)
Solution

@Green_Arrow 

The Browser File Handling setting in SharePoint Server is still relevant in today's world, even with Chromium-based browsers like Chrome and Edge. The feature is used to control how a browser handles different types of files that are served by SharePoint, and it can help to mitigate security risks associated with file downloads.

The HTTP Response Header "X-Download-Options: noopen" is still valid and supported by modern browsers, including Chromium-based ones. This header instructs the browser not to open the file directly in the browser, but rather prompt the user to save it or open it in a separate application. This can help prevent certain types of attacks, such as cross-site scripting (XSS) and content sniffing.

In summary, the Browser File Handling setting and the "X-Download-Options: noopen" header are still relevant and effective in modern browsers and can help improve the security of your SharePoint environment.

If I have answered your question, please mark your post as Solved
If you like my response, please give it a like
Sorry for my late response. Brilliant, thanks for the informative reply!
1 best response

Accepted Solutions
best response confirmed by Green_Arrow (Copper Contributor)
Solution

@Green_Arrow 

The Browser File Handling setting in SharePoint Server is still relevant in today's world, even with Chromium-based browsers like Chrome and Edge. The feature is used to control how a browser handles different types of files that are served by SharePoint, and it can help to mitigate security risks associated with file downloads.

The HTTP Response Header "X-Download-Options: noopen" is still valid and supported by modern browsers, including Chromium-based ones. This header instructs the browser not to open the file directly in the browser, but rather prompt the user to save it or open it in a separate application. This can help prevent certain types of attacks, such as cross-site scripting (XSS) and content sniffing.

In summary, the Browser File Handling setting and the "X-Download-Options: noopen" header are still relevant and effective in modern browsers and can help improve the security of your SharePoint environment.

If I have answered your question, please mark your post as Solved
If you like my response, please give it a like

View solution in original post