Item14958: work around bug in PDF.js not being able to authenticate partial downloads
Priority: Enhancement
Current State: Closed
Released In: n/a
Target Release:
See also
https://blog.foswiki.org/Blog/WorkingAroundANastyBugInPDFJs
There is a nasty bug in PDF.js, which is part of any browser-based PDF reader as shipped with all sorts of Chrome-based browsers: it cannot read large PDF files that need authentication. The PDF.js reader and the web server exchange large files in chunks, which are fetched as the user continues to read the file.
When resuming these partial downloads, PDF.js fails to authenticate again against the web server, i.e. it does not send any cookie information the way it did with the initial chunk. Thus Foswiki will refuse to deliver the rest of the PDF, as the request seems to come from the unauthenticated default user.
This can only be mitigated on the server side by disabling partial downloads for large PDFs.
The new version of XSendFileContrib allows configuring different (internal) locations for each file type to be served. So partial downloads may still be in place for streaming movie files and the like, while being disabled for PDFs.
A full example of an NGINX config will look something like this:
# no auth required for system assets such as css and js
location ~ ^/pub/(System|Applications)/ {
    root /path/to/foswiki;
    expires 12h;
    gzip_static on;
}

# require auth for any other static file
location /pub {
    rewrite ^/pub/(.*)$ /bin/xsendfile/$1;
}

# default internal location
location /protected_files {
    internal;
    alias /path/to/foswiki/pub/;
}

# internal location for pdf but
# disable Accept-Ranges header as it breaks cookie authentication with pdf.js
location /protected_files/pdf {
    internal;
    alias /path/to/foswiki/pub/;
    max_ranges 0;
}
Foswiki can then be configured to serve the respective file types from their internal web server locations:
$Foswiki::cfg{XSendFileContrib}{Location} = "/protected_files";
$Foswiki::cfg{XSendFileContrib}{Locations}{pdf} = "/protected_files/pdf";
--
MichaelDaum - 20 Oct 2020
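
To confirm that the configuration above took effect, the following added example (not part of the original task item or of XSendFileContrib) classifies the server's response to an authenticated range request and flags PDFs that are still served in chunks. The function names, sample paths and sample responses are constructed for illustration.

```python
"""Added example: verify that byte-range downloads are off for PDFs only."""
import http.client
from urllib.parse import urlsplit

RANGE = "bytes=0-1023"  # any satisfiable range works as a probe


def range_support(status, headers):
    """Classify the response to a GET that carried a Range header."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if status == 206 or "content-range" in h:
        return "partial"      # range honoured: the viewer will fetch in chunks
    if status != 200:
        return "error"        # e.g. 302/401/403: the probe was not authenticated
    if h.get("accept-ranges", "none") != "none":
        return "advertised"   # full body, but the server still invites ranges
    return "disabled"         # full body and no range offer


def probe(url, cookie):
    """Send one authenticated range request to a live server and classify it."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("GET", u.path or "/", headers={"Range": RANGE, "Cookie": cookie})
        resp = conn.getresponse()
        return range_support(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()  # headers are enough, the body is never read


def violations(results):
    """PDFs must be 'disabled'; return the paths where that is not the case."""
    return [p for p, state in results.items()
            if p.lower().endswith(".pdf") and state != "disabled"]


# Constructed sample responses (status, headers), not captured from a real site.
SAMPLES = {
    "/pub/Main/Report/big.pdf": (200, {"Content-Type": "application/pdf", "Content-Length": "52428800"}),
    "/pub/Main/Report/old.pdf": (206, {"Content-Range": "bytes 0-1023/52428800"}),
    "/pub/Main/Media/talk.mp4": (206, {"Content-Range": "bytes 0-1023/734003200"}),
}

if __name__ == "__main__":
    results = {p: range_support(s, h) for p, (s, h) in SAMPLES.items()}
    for path, state in results.items():
        print(f"{state:10} {path}")
    print("PDFs still served in ranges:", violations(results))
```

Against a live site, call `probe()` with the URL of a protected attachment and a valid session cookie; an "error" result means the probe itself was rejected and says nothing about range handling.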