locked
Displaying a thumbnail of a .PDF in a document library RRS feed

Answers

  • Hey,

    When content is in an iframe, client-side calls (for example, using the ActiveX stuff that comes into play when you are on an IE browser connecting to an Office Document) from a page hosted in one domain (for example, http://www.fabrikampapp.com/appPage.html) to a page or service hosted in a different domain (for example, http://contoso.sharepoint.com). By default, browsers block this type of communication for security reasons; they don't want malicious apps to grab data or execute code without users knowing it. 

    So, for your scenario 1, the browser is not firing up any of the by-design logic that external domains are not to be trusted. For scenario 2, it's your local domain so things are a bit more relaxed.

    Please see this blog post for a further rundown of the issues at hand:
    Pretty
    Dangerous Files - why enabling in-browser viewing of PDFs is risky


    Keith Tuomi | Twitter: @itgroove_keith | Blog: http://yalla.itgroove.net

    Please click "Propose As Answer" if a post solves the problem or "Vote As Helpful" if a post has been useful to you.

    • Marked as answer by ChicagoSPDev Tuesday, May 21, 2013 6:42 PM
    Tuesday, May 21, 2013 6:03 PM

All replies

  • Whether or not the PDF is downloaded to your browser or rendered in a web browser is primarily dependent on your users local browser configuration. It see's the .PDF file as the source of the URL and enacts whatever plugins (e.g. Acrobat, FoxIt, etc.) or default programs you have enabled. It's essentially a matter out of your hands unless you directly control group policies for your users and can enforce browser file handling. 

    At the SharePoint level, you can enable or disable permissive file handling as per this article.

    Please also review http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/pdf_open_parameters_v9.pdf to see all the URL paramaters the PDF can work with.

    And, you might know already, but if an upgrade to SharePoint 2013 is in the cards, the PDF preview functionality is included with Office Web Apps : http://www.wictorwilen.se/sharepoint-2013-enabling-pdf-previews-with-office-web-apps-2013-march-2013-update


    Keith Tuomi | Twitter: @itgroove_keith | Blog: http://yalla.itgroove.net

    Please click "Propose As Answer" if a post solves the problem or "Vote As Helpful" if a post has been useful to you.


    • Proposed as answer by Dmitry Kaloshin Friday, May 17, 2013 11:09 AM
    • Edited by KeithTuomi Tuesday, May 21, 2013 6:04 PM Added reference to permissive file handling option
    Thursday, May 16, 2013 9:12 PM
  • Keith,

    I see what your saying, however, I have noticed that:

    1.  If I link to a .pdf file sitting in another website, my iFrames seem to work.

    2.  If I link to a .pdf file sitting in the SharePoint document library setup in the site collection, it prompts me to open.

    It seems that SharePoint somehow is "over riding" my browser settings?


    Adam Talesky

    Monday, May 20, 2013 8:47 PM
  • Hey,

    When content is in an iframe, client-side calls (for example, using the ActiveX stuff that comes into play when you are on an IE browser connecting to an Office Document) from a page hosted in one domain (for example, http://www.fabrikampapp.com/appPage.html) to a page or service hosted in a different domain (for example, http://contoso.sharepoint.com). By default, browsers block this type of communication for security reasons; they don't want malicious apps to grab data or execute code without users knowing it. 

    So, for your scenario 1, the browser is not firing up any of the by-design logic that external domains are not to be trusted. For scenario 2, it's your local domain so things are a bit more relaxed.

    Please see this blog post for a further rundown of the issues at hand:
    Pretty
    Dangerous Files - why enabling in-browser viewing of PDFs is risky


    Keith Tuomi | Twitter: @itgroove_keith | Blog: http://yalla.itgroove.net

    Please click "Propose As Answer" if a post solves the problem or "Vote As Helpful" if a post has been useful to you.

    • Marked as answer by ChicagoSPDev Tuesday, May 21, 2013 6:42 PM
    Tuesday, May 21, 2013 6:03 PM