I have IIS6 running HTTPS that hosts a SWF file. On FireFox and Chrome the swf is played. On IE (8 and 7) the browser dialog opens with

File Download - Security Warning
Do you want to open or save this file
Name: patersons_swf (file is patersons.swf)
Type: Shockwave Flash Object, 363KB


The mime type for .swf is
application/x-shockwave-flash
which according to firebug in FF is what is being delivered

The same swf dropped onto another HTTPS site works just fine on all 3 browsers.

The swf on my server with HTTP works just fine on all 3 browsers


Any one got any suggestions how to resolve this?
Unfortunately not supporting IE is not a solution

have you got link?

Sounds like the server is sending the wrong mime type or something, causing IE to offer to download it instead of rendering like expected.

I'd download Charles (http://www.charlesproxy.com/) and compare the headers of the file from each server. You can set it to show the encrypted traffic as well by going to "Proxy Settings->SSL->Add" and adding the hostnames of your servers.

I can't imagine life without Charles, what a beautifully functional piece of software :-)

Have you put added the mime type to your hosting?

I have been using Fiddler2, but will take a look with Charles next.

In the Response header. IE has a Body of 371,782, where as FF and Chrome have 0
IE has a content type of 'application/x-shockwave-flash', FF and Chrome are blank.

For the Raw view, IE has 'CWS', then a lot of garbled text after the header
It looks like IE is getting the contents of the SWF in the response, but FF and Chrome download the file off the server

This is the URL to the swf
https://secure.psl.com.au/patersons.swf

In the Response header. IE has a Body of 371,782, where as FF and Chrome have 0
IE has a content type of 'application/x-shockwave-flash', FF and Chrome are blank.

For the Raw view, IE has 'CWS', then a lot of garbled text after the header
It looks like IE is getting the contents of the SWF in the response, but FF and Chrome download the file off the server


yeah nah.

$ curl -I https://secure.psl.com.au/patersons.swf
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 371782
Content-Type: application/x-shockwave-flash
Content-Location: https://secure.psl.com.au/patersons.swf
Last-Modified: Mon, 22 Jun 2009 02:04:11 GMT
Accept-Ranges: bytes
ETag: "f32650bcddf2c91:6207"
Server: Microsoft-IIS/6.0
X-Powered-By: CF8
X-Powered-By: ASP.NET
Date: Tue, 26 Oct 2010 06:08:38 GMT

Now show us a URL that works in IE and we'll compare.

yeah nah.

$ curl -I https://secure.psl.com.au/patersons.swf
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 371782
Content-Type: application/x-shockwave-flash
Content-Location: https://secure.psl.com.au/patersons.swf
Last-Modified: Mon, 22 Jun 2009 02:04:11 GMT
Accept-Ranges: bytes
ETag: "f32650bcddf2c91:6207"
Server: Microsoft-IIS/6.0
X-Powered-By: CF8
X-Powered-By: ASP.NET
Date: Tue, 26 Oct 2010 06:08:38 GMT

Now show us a URL that works in IE and we'll compare.

https://ajtest.fasthit.net/patersons.swf

Response Headers - https://ajtest.fasthit.net/patersons.swf

Content-Length: 371782
Content-Type: application/x-shockwave-flash
Last-Modified: Fri, 22 Oct 2010 03:41:41 GMT
Accept-Ranges: bytes
Etag: "a21266a9b71cb1:3fd52"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Oct 2010 06:13:35 GMT

200 OK

Response Headers - https://secure.psl.com.au/patersons.swf

Cache-Control: no-cache
Content-Length: 371782
Content-Type: application/x-shockwave-flash
Content-Location: https://secure.psl.com.au/patersons.swf
Last-Modified: Mon, 22 Jun 2009 02:04:11 GMT
Accept-Ranges: bytes
Etag: "f32650bcddf2c91:6207"
Server: Microsoft-IIS/6.0
X-Powered-By: CF8, ASP.NET
Date: Tue, 26 Oct 2010 06:14:12 GMT

200 OK

New/changed headers highlighted

would any of these differences explain the different behaviour?

would any of these differences explain the different behaviour?

No doubt, but I've never cared to use Windows server, nor know the intricacies of the IE browsers to tell you how to resolve it.

Try googling combinations of those header names, browser name, server name and issue description for others that may have experienced the same issue and resolved it.

I have been googling my brains out over this :-(

I can imagine

Could it be Coldfusion that is inserting the headers? Tried turning it off on the broken domain to see if the behaviour changes?

this is what Charles returns

The failure message seems to contradict the Status :confused:

URL https://secure.psl.com.au/patersons.swf
Status Complete
Failure Client closed connection before receiving entire response
Response Code 200 OK
Protocol HTTP/1.1
Method GET
Content-Type application/x-shockwave-flash
Client Address /127.0.0.1
Remote Address -
Timing
Request Start Time 27/10/10 3:35:30 PM
Request End Time 27/10/10 3:35:30 PM
Response Start Time 27/10/10 3:35:30 PM
Response End Time 27/10/10 3:35:30 PM
Duration 47 ms
Request Duration 0 ms
Response Duration 47 ms
Latency 0 ms
Speed 1,383.46 KB/s
Response Speed 1,360.70 KB/s
Size
Request Header Size 1.07 KB (1095 bytes)
Response Header Size 376 bytes
Request Size -
Response Size 63.59 KB (65112 bytes)
Total Size 65.02 KB (66583 bytes)
Request Compression -
Response Compression -

I would be guessing that it has something to do with the content-location header -- is there any way to turn this off?

Some more info: http://www.subbu.org/blog/2008/10/location-vs-content-location

It's possible that IE gets to the content-location header, and thinks the resource lives elsewhere, so closes the connection.

I think it is just an IIS issue on how it serves it up and IE is not being able to handle it - it cannot decode the stream for some reason and fallbacks to want to save the file but then cannot for some reason.

Have you tried running the SWF from a html page?

Hmm Also You cannot download the file from IE

http://dl.dropbox.com/u/2480351/ie-swf-issue.JPG

And if you use chrome to download it and open in IE it does not load locally either - so might be an IE thing not IIS..

the same file runs from here, so I think it is my IIS
https://ajtest.fasthit.net/patersons.swf

hmm - I think your culprit is

Cache-Control: no-cache

Change your IIS 6 instance to allow caching when SSL is enabled

hmm - I think your culprit is

Cache-Control: no-cache

Change your IIS 6 instance to allow caching when SSL is enabled
that indeed was the issue.
Enable content expiration is now unchecked

Thank you every one for your assistance.