Make Chrome always open PDFs itself

37

17

I'm looking for a way to make Google Chrome always open PDFs with its internal viewer when I click a link, as opposed to downloading it to the default location. It works with most URLs, but some servers set a special header to force the file to be downloaded ("Content-Disposition: attachment;", e.g. http://www.uni-goettingen.de/en/46260.html).

What I want is the opposite of this question: Stop PDFs from displaying inside Google Chrome, or what is asked for here, but applied to Chrome: How to ignore “Content-Disposition: attachment” in Firefox

Btw., I'm running Chrome 8.0.552.0 dev on Ubuntu 10.4.

jdm

Posted 2010-10-14T11:44:06.403

Reputation: 1 785

1Would it be acceptable if the PDF is opened in Google Docs ? – Sathyajith Bhat – 2010-10-14T13:54:37.237

I think you should tag the OS because some answers appear to be working only on OSX. – Shimmy – 2018-09-06T06:24:29.873

Answers

15

The "Redirector" answer was just what I was looking for, but that extension is no longer available. So I kept digging and found Modify Content-Type. It's working as I expected (PDFs open in the internal viewer despite Content-Disposition: attachment in the response headers) with a rule of:

URL Filter:       .*
Original Type:    application/.*pdf
Replacement Type: application/pdf
Disposition:      inline

Note well that this may expose you to cross-site scripting vulnerabilities, and you would be wise not to allow .* in the URL filter. Add to it only as needed.

Eric Angell

Posted 2010-10-14T11:44:06.403

Reputation: 476

I have a rule as follows that seems to work, and should be restricted to PDFs (I don't know about XSS vulnerabilities though, and anything could have a .pdf extension, so still be aware):

URL Filter: https?://.*\.pdf
Original Type .*
Replacement Type: application/pdf
Disposition: inline
 – Scott Stevens  – 2014-11-29T06:01:17.330

Can you explain how this filter might make you vulnerable to XSS? – Dai – 2017-03-01T18:53:13.410

https://www.owasp.org/index.php/DOM_Based_XSS "Stefano Di Paola and Giorgio Fedon described a universal XSS attack against the Acrobat PDF plugin. This attack applied the fragment variant of DOM based XSS to PDF documents. The researchers discovered that a PDF document served to the browser, when rendered by the Acrobat plugin, may end up executing part of the fragment as Javascript. Since the Javascript is executed in the context (DOM) of the current site, all an attacker needed to exploit this flaw was to simply find a PDF link somewhere on the site for the XSS condition to be met." – Eric Angell – 2017-03-03T00:16:01.790

So many sites use the content-disposition header to protect users from potential exploits such as that. There are other PDF plugins with other potential vulnerabilities, so don't believe that just because that's one old example it means no others could exist. – Eric Angell – 2017-03-03T00:17:25.483

12

You can remove Content-Disposition response header using Redirector extension. Just add a rule removing Content-Disposition header. Here how it looks like in Rule Editor: redirector rule

With this rule applied all PDFs will be opened in internal viewer.

ks1322

Posted 2010-10-14T11:44:06.403

Reputation: 403

2Choosing "Wildcard" and "Response Header" from those dropdown menus that look like buttons is important - I missed that at first. – Brilliand – 2012-11-08T02:12:48.007

2

Chrome extension no longer available. See http://superuser.com/a/755252/165804 for an alternative.

– Oliver Joseph Ash – 2014-06-13T13:44:16.847

-1

On the URL bar, type chrome://plugins/, look for the Adobe plugin and click on Disable.

Restart Chrome and load a PDF and the file will load using the Google PDF plugin.

Cesar A. Rivas

Posted 2010-10-14T11:44:06.403

Reputation: 180

Exactly what I had to do to get it working on OS X – Nick – 2010-10-14T15:28:31.450

3Comment by @Kyla: This didn't work for me :( it's just this one website that forces me to download them instead of just viewing them online. – Ivo Flipse – 2010-12-30T17:26:54.810

which version of chorme are you using? it works for me perfect... – Cesar A. Rivas – 2010-12-30T20:34:40.323

2

This seems to solve a different problem. See the second question jdm linked to: http://stackoverflow.com/questions/3251575/how-to-ignore-content-disposition-attachment-in-firefox

– daxlerod – 2012-04-24T19:52:51.587

1I'm having the same problem; the Chrome PDF plugin is already enabled on my machine. I'm trying to force pages that specify the PDF should be downloaded (for example with a meta refresh or a MIME entry) to open the PDF in a Chrome tab instead, since all I'm going to do is find the PDF on my hard drive and open it there, then have to go find it again later and delete it. I believe the OP was trying to accomplish the same. – Chris Moschini – 2012-07-01T19:07:27.040

-1

Try the --no-sandbox option.

This should be your shortcut:

"C:\Program Files\Google\Chrome\Application\chrome.exe" --app="http://superuser.com" --no-sandbox

styluuu

Posted 2010-10-14T11:44:06.403

Reputation: 1

How would it work? --no-sandbox should disable sandbox, not ignore HTTP headers, right? – gronostaj – 2013-07-22T08:43:59.973

Asked: 2010-10-14T11:44:06.403

Viewed: 18 415 times

Active: 2017-08-14T20:21:18.620