On a Visualforce page I have an IFRAME like this:
<iframe class="viewer" src=""></iframe>
It starts up an shows nothing because src is blank. Good. To store the actual PDF I upload it as File (not the old Attachment). So technically I have a DocumentVersion which holds the blob of the pdf.
Now I use JS to update the src tag to show a PDF like this (where Id is set to a valid DocumentVersion id )
$('.viewer').attr('src',/sfc/servlet.shepherd/document/download/'+id)
On the sandbox, it works like a charm: the pdf will be loaded inside the iframe as expected.
Now if I deploy the same code on Production, the following happens: the IFRAME is not updated, but the PDF is downloaded by the browser.
The code I use is 100% identical – but behaves differently !!
I found so far, that the code is NOT the reason for this. The difference is caused just by the link I use. This itself is behaving differently:
/sfc/servlet.shepherd/document/download/ANY_VALID_CONTENTVERSION_ID_HERE
- On sandbox, chrome is using the internal PDF-Viewer to display the file. Which is what I want.
- On Production for a very short time (seconds only!) a new tab is opened and closed again and the PDF is downloaded instead of shown with the internal viewer.
I could not track it down, but I expect some headers are set differently by Salesforce causing that result.
Does anyone know more about the backgrounds on that or has encountered similar effects?
EDIT 1
I was able to dig deeper inside this issue inspecting the headers in detail as shown here: Files: Why ContentVersion /sfc/servlet.shepherd/document/download/ sometimes sets Content-Disposition=attachment and sometimes =inline
Basic issue is, that Content-Disposition needs to be inline but on production it gets attachment.
Best Answer
There is a specific settings in salesforce 'File Upload and Download Security' that can help you to choose download or show file.
There are 3 options of file download behavior:
Please reference this link for more invo: https://help.salesforce.com/articleView?id=admin_files_type_security.htm&type=5