Office365-PDF-Problem

PDF files don't open in the browser in Office365.

 
Apparently there is this thing called Cross-Site Scripting that we should fear so much that servers should override our local browser security settings.
 
 
In IE8 there is a new security setting which prevents files from opening in the browser if the server provides the following header:
X-Download-Options: noopen
More Info:
http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
 
When Browser File Handling is set to 'Strict', SharePoint 2010 adds this header to all files if the file type is not in the list of 'allowed' MIME types. PDF and HTML files are not allowed file types out of the box.
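To see which file types a server is marking this way, the check below parses captured response headers and compares them with the rule just described. It is an added example, not code from this site or from SharePoint; the sample responses and the `ALLOWED_INLINE` list are constructed assumptions.

```python
from email.parser import Parser

# Assumed allow-list for a 'Strict' web application (constructed; the page
# only says that PDF and HTML are not on the default list).
ALLOWED_INLINE = {"image/jpeg", "image/png", "text/plain"}

def parse_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    status_line, _, header_block = raw.strip().partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    return int(status_line.split()[1]), headers

def media_type(headers):
    """Content-Type without parameters, lower-cased."""
    return headers.get("Content-Type", "").split(";")[0].strip().lower()

def has_noopen(headers):
    """True if any X-Download-Options value is 'noopen' (case-insensitive)."""
    values = headers.get_all("X-Download-Options", [])
    return any(v.strip().lower() == "noopen" for v in values)

def expected_noopen(mime, strict=True, allowed=ALLOWED_INLINE):
    """The rule described above: Strict mode and type not on the allow-list."""
    return strict and mime not in allowed

def audit(raw_responses, strict=True):
    """Return (mime, observed_noopen, expected_noopen) for each response."""
    rows = []
    for raw in raw_responses:
        _, headers = parse_head(raw)
        mime = media_type(headers)
        rows.append((mime, has_noopen(headers), expected_noopen(mime, strict)))
    return rows

SAMPLES = [  # constructed response heads, not captured from a real server
    "HTTP/1.1 200 OK\nContent-Type: application/pdf\nX-Download-Options: noopen\n",
    "HTTP/1.1 200 OK\nContent-Type: image/png\n",
    "HTTP/1.1 200 OK\ncontent-type: Text/HTML; charset=utf-8\nx-download-options: NoOpen\n",
]

if __name__ == "__main__":
    for mime, observed, expected in audit(SAMPLES):
        verdict = "download only" if observed else "may open in browser"
        flag = "" if observed == expected else "  <-- differs from the rule"
        print(f"{mime:18} {verdict}{flag}")
```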
 
The real drag is that both the Browser File Handling and the allowed MIME types are settings at the Web Application level. I suspect tenants in Office365 are isolated to the site collection level which means Web Apps are multi-tenant. Therefore a change to enable PDFs will affect more than one tenant and therefore is not available.
 
For that reason, MS should have anticipated this in advance and should have provided a secure PDF viewer (like the Silverlight viewer they already have on docs.com) in advance of General Availability. The fact that they have not done so and the most official status is 'we are working with Adobe...blah blah' says to me nothing is going to happen anytime soon.
What I fear is loss of usability and productivity. I'm not convinced that my PDF files in the browser are a security concern. To me, any concern certainly doesn't outweigh the usability and productivity losses. That's why opening in the browser using JavaScript is fine with me, as in the solutions you'll find on this website.
 
If folks are concerned that the sky will fall all of a sudden then you can use the Google viewer, that is if you trust Google is secure and don't care about your privacy.