• 0

Using header() to force download not working in Chrome or Firefox


Question

I have created an mp3 downloader script which forces downloads of MP3s that are located outside of the web root. I've received a few support requests saying it's not working.. I originally only tested it in Safari and it worked fine, so I tested it in Chrome and Firefox and can confirm it returns a 404 error in both of those browsers.

In Chrome console it shows: net::ERR_INVALID_RESPONSE

download.php:

header("Content-Description: File Transfer");
header("Content-Type: {$mime}");
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download"); 
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename={$filename}");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($file));
while(ob_get_level()) ob_end_clean();
flush();
readfile($file);
exit;

 

I have checked all paths and variables.. everything is set, exists and readable.

If i remove application/force-download and application-download it loads the in browser mp3 player but returns a 404... so it looks like it can't find the file outside of web root - does Chrome/Firefox not allow that?

It is definitely working in Safari

Any ideas?

4 answers to this question

Recommended Posts

  • 0

Check your Inspect Element tool on Chrome and see if it's blocking it client sided, I ran into issues with loading javascript files / modifying css through an iframe for security reasons. If you're on a windows device using safari, you're using a very outdated version (merely an assumption you're on windows) which may not have included a patch for cross-site anything.

I know that you get into a really grey area when you start using cross-site downloads without the appropriate allow-content headers on the receiving and requesting servers.

  • 0

A few of these headers are meaningless outside of email (Content-Description and Content-Transfer-Encoding), and overwriting the content-type multiple times won't help much either (You ideally want to either use the original mime-type, or application/octet-stream. I have no idea what uses "download" or "force-download").

It returning a 404 is the more likely problem, PHP is actually using the $filename and $mime in the headers right? (Been ages since I've used PHP) It's also odd that you're just downing normal string concatenation for the filesize, but not for other headers.

  • 0
  On 18/08/2015 at 06:00, The_Decryptor said:

A few of these headers are meaningless outside of email (Content-Description and Content-Transfer-Encoding), and overwriting the content-type multiple times won't help much either (You ideally want to either use the original mime-type, or application/octet-stream. I have no idea what uses "download" or "force-download").

It returning a 404 is the more likely problem, PHP is actually using the $filename and $mime in the headers right? (Been ages since I've used PHP) It's also odd that you're just downing normal string concatenation for the filesize, but not for other headers.

Thanks for your input, i removed the 'meaningless' headers and it still works in Safari so i'll leave those out. It didn't fix the chrome issue though.

  • 0

This has always worked for me:

  • $file = "filename.ext";
  •  
  • // Quick check to verify that the file exists
  • if( !file_exists($file) ) die("File not found");
  •  
  • // Force the download
  • header("Content-Disposition: attachment; filename="" . basename($file) . """);
  • header("Content-Length: " . filesize($file));
  • header("Content-Type: application/octet-stream;");
  • readfile($file);

 

This topic is now closed to further replies.
  • Posts

    • I'm not sure why anyone would want to use Chrome on Android when there are far better browsers that let you disable ads. I personally use Vivaldi and never see ads by default. Am I right in thinking you can't block ads on Chrome for Android?
    • Same time next month y'all, when we see this 💩posted again?
    • I mean, it's not like they did something like force you to have U2's "Songs of Innocence" on your computer with no way to remove it... *coughcough*
    • Going to quote myself from a comment I made to a related article: It's not about the OS, it's about the workflow. OS fans consistently miss this. People have work to do and they've invested a lot of time, effort and even money building their workflows. It's expensive to change, so that change has to offer real benefits that compensate for the cost of updating workflow and sorry, Win 11 just doesn't. Win 11 breaks workflow in weird and pointless ways seemingly either to dumb down the OS (with the same results as we saw when MSFT tried to dumb down Office's menuing system with "SmartMenus") or make it look more like macOS. MSFT seems to have completely lost the basics of UI/UX like FITS and muscle memory in Win 11. If they had made these optional - then sure, but they aren't. That's the same reason most users won't just jump to an entirely new OS - which has an even bigger workflow cost - until there's just no other option. Not only is there the core workflow cost, but the cost of finding new parallel software for the new OS, transferring and possible converting files and dealing with incompatibilities and then redeveloping workflows. It's just not as simple as "switch". And now there IS another option, stay on Win 10 for another year and pray for Win 12 (much as Win 7 users did with Win 8 - which happened when Win 10 came out).
    • At least that album was really good. I don't know if F1 was $200 million well spent yet...
  • Recent Achievements

    • Mentor
      The Werewolf went up a rank
      Mentor
    • First Post
      Myriachan earned a badge
      First Post
    • Week One Done
      DrRonSr earned a badge
      Week One Done
    • Week One Done
      Sharon dixon earned a badge
      Week One Done
    • Dedicated
      Parallax Abstraction earned a badge
      Dedicated
  • Popular Contributors

    1. 1
      +primortal
      615
    2. 2
      ATLien_0
      227
    3. 3
      +FloatingFatMan
      170
    4. 4
      Michael Scrip
      166
    5. 5
      Som
      148
  • Tell a friend

    Love Neowin? Tell a friend!