When you access an object in Object Storage Service (OSS) with a browser, it might be downloaded automatically instead of displayed. This topic helps you identify the cause and configure the intended preview behavior.
Troubleshoot the issue
If an object downloads automatically, use the curl command to inspect its HTTP response header and identify the cause.
Objective: Check if the HTTP response header contains specific fields that force a download.
Procedure: Open a terminal or command prompt and run the following command. Replace <your-object-URL> with the actual URL of your object.
curl -I "<your-object-URL>"Analyze the results: After you run the command, check the response for the x-oss-force-download and Content-Disposition fields.
-
If the response header includes
x-oss-force-download: true: This means an OSS security policy for default domain names has been triggered. See Scenario 1: Download forced by security policy. -
If the response header does not include
x-oss-force-downloadbut includesContent-Disposition: attachment: This means the object's metadata explicitly specifies a download. See Scenario 2: Download forced by object metadata. -
If the response header includes neither of the preceding fields but the object still downloads: This typically happens because the browser does not recognize the object's content type. See Scenario 3: Incorrect Content-Type prevents preview.
Solutions
Scenario 1: Download forced by security policy
This scenario applies when the response header includes x-oss-force-download: true.
-
Cause: To prevent potential security risks from specific types of files, such as HTML, being executed directly in a browser, OSS forces a file download by adding the
x-oss-force-download: trueandContent-Disposition: attachmentresponse headers. This behavior applies to some file types in some regions when you use an OSS default domain name or a transfer acceleration domain name to access a bucket created after a specific point in time.For details about the policy, see Appendix: OSS forced download rules.
-
Solution: Access OSS resources by using a custom domain name.
-
Procedure:
-
Bind a custom domain name to the bucket: Log on to the OSS console. On the Domain Names page for the target bucket, bind a custom domain name that has a valid ICP filing to the bucket.
-
Configure a CNAME record: Go to your DNS provider, such as Alibaba Cloud DNS, and add a CNAME record that maps your custom domain name to the CNAME address provided by OSS.
-
Access the object by using the new domain name: After you complete the configuration, use the custom domain name URL to access the object. It will then be previewed in the browser.
-
-
For global access acceleration, bind your custom domain name to a transfer acceleration domain name. This approach bypasses the forced download policy and provides acceleration benefits.
-
For detailed instructions, see Map custom domain names.
Scenario 2: Download forced by object metadata
This scenario applies when the response header includes Content-Disposition: attachment but not the x-oss-force-download field.
-
Cause: The
Content-Dispositionfield in the object's metadata is explicitly set toattachment. This setting instructs the browser to download the object as an attachment instead of displaying it inline. This setting is often used to generate temporary download links. If not removed, it causes all subsequent access attempts to trigger a download. -
Solution: Change the object's
Content-Dispositionmetadata toinline.-
Modify in the console
-
Log on to the OSS console, and navigate to the page for the target bucket.
-
Find the target object. In the Actions column, choose .
-
In the dialog box that appears, find the
Content-Dispositionfield and change its value toinline. -
Click OK to save the settings.
-
-
Use ossutil for batch updates
# Set the Content-Disposition of a specified object to inline. ossutil set-props oss://your-bucket/your-object.pdf --content-disposition inline --metadata-directive update
-
Scenario 3: Incorrect Content-Type prevents preview
In this scenario, the HTTP response header is normal, but the browser still downloads the object.
-
Cause: The
Content-Type(also known as MIME type) in the object's metadata is incorrect or missing. For example, if a JPG image has aContent-Typeofapplication/octet-stream, the browser downloads the object because it does not recognize the content type. -
Solution: Set the correct
Content-Typefor the object.-
Modify in the console
-
Log on to the OSS console, and navigate to the page for the target bucket.
-
Find the target object. In the Actions column, choose .
-
In the dialog box that appears, find the
Content-Typefield and change its value to the correct one. -
Click OK to save the settings.
Examples of correct Content-Type values for common object types:
-
Images:
image/jpeg,image/png,image/gif,image/webp -
Video:
video/mp4 -
PDF documents:
application/pdf -
HTML files:
text/html -
Plain text:
text/plain
-
-
Use ossutil for batch updates
# Set the Content-Type of a specified object to image/jpeg. ossutil set-props oss://your-bucket/your-object.jpg --content-type image/jpeg --metadata-directive update
-
Other scenarios and solutions
Metadata changes not effective: Check CDN cache
If you use Content Delivery Network (CDN) to accelerate access to OSS, changes to object metadata, such as Content-Type or Content-Disposition, may not take effect immediately because CDN nodes are still serving cached content with the old headers.
Solution: Log on to the CDN console and purge the URLs for the modified objects to clear the CDN cache. For detailed instructions, see Purge and prefetch resources.
Force an object to download
To force an object to download instead of being previewed, use one of the following methods.
-
Method 1 (Recommended): Configure on the OSS side. As described in Scenario 2, set the object's
Content-Dispositionmetadata toattachment. This method is ideal for applying a permanent download setting to individual objects. -
Method 2: Configuration on the CDN side. If you use CDN, you can add the
Content-Disposition: attachmentheader in the CDN console by configuring the HTTP response header in Cache Settings. This method does not require you to modify objects in the OSS origin and is suitable for batch and flexible rule configuration for specific paths or file types.
Unsupported format for browser preview
Mainstream browsers do not natively support previews for some specialized object formats, such as .psd, .ai, and .sketch. In these cases, the browser downloads the object even with correct OSS and CDN configurations.
Solution: Install a browser extension or plug-in that supports previewing the specific object format. Alternatively, you can use a professional document preview service, such as WebOffice online preview.
Appendix: OSS forced download rules
When an object is unexpectedly downloaded, check the x-oss-ec field in the HTTP response header and find the matching entry in the tables below to identify the cause.
-
Error code (x-oss-ec): A unique identifier for the rule that triggered the download.
-
Bucket creation time: For default domain names, the policy applies to buckets created on or after the policy's effective time. Buckets created before this time are generally not affected.
-
Transfer acceleration enablement time: For transfer acceleration domain names, the policy applies to buckets where the feature was enabled on or after the policy's effective time. Buckets that had transfer acceleration enabled before this time are generally not affected.
Regardless of which rule is matched, you can bypass all forced downloads by using a custom domain name.
OSS default domain names
|
Effective time |
Bucket region |
Affected objects |
Affected object types |
Error code |
|
2018-09-28 08:00 |
China (Hangzhou), China (Shanghai), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Shenzhen), and China (Chengdu) |
Buckets created on or after the effective time |
text/html |
|
|
2019-09-25 12:00 |
China (Nanjing - Local Region, being decommissioned) China (Ulanqab), China (Heyuan), China (Guangzhou), US (Silicon Valley), US (Virginia), South Korea (Seoul), Singapore, Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Thailand (Bangkok), UK (London), and UAE (Dubai) |
Buckets created on or after the effective time |
text/html |
|
|
2019-11-25 14:00 |
Hong Kong (China) |
Buckets created on or after the effective time |
text/html |
|
|
2019-09-23 17:00 |
China (Hohhot) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, image/heic, text/html |
|
|
2019-09-24 11:00 |
China (Qingdao) and China (Chengdu) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, image/heic, text/html |
|
|
2019-09-24 17:00 |
China (Zhangjiakou) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, image/heic, text/html |
|
|
2019-09-29 17:00 |
China (Shanghai) and China (Shenzhen) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, image/heic, text/html |
|
|
2019-09-29 18:00 |
China (Beijing) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, image/heic, text/html |
|
|
2019-09-30 15:00 |
China (Hangzhou) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, image/heic, text/html |
|
|
2022-10-09 00:00 |
Buckets created by users who enabled OSS for the first time on or after 2022-10-09 00:00 |
|||
|
2025-12-22 10:00 |
China (Ulanqab), China (Heyuan), China (Guangzhou), China (Nanjing - Local Region, being decommissioned) |
Buckets created on or after the effective time |
image/jpeg, image/gif, image/tiff, image/png, image/webp, image/svg+xml, image/bmp, image/x-ms-bmp, image/x-cmu-raster, image/exr, image/x-icon, and image/heic |
|
|
2026-03-25 10:00 |
Buckets created on or after the effective time |
Objects with filenames ending in .xml, or objects with a Content-Type of application/xml or text/xml |
N/A |
Transfer acceleration domain names
|
Effective time |
Bucket region |
Affected objects |
Affected object types |
Error code |
|
2020-12-31 00:00 |
Buckets for which transfer acceleration was enabled on or after the effective time |
text/html |
||
|
2021-01-07 12:00 |
UAE (Dubai) |
Buckets for which transfer acceleration was enabled on or after the effective time |
||
|
2021-01-07 18:00 |
Malaysia (Kuala Lumpur) and UK (London) |
Buckets for which transfer acceleration was enabled on or after the effective time |
||
|
2021-01-08 18:00 |
Japan (Tokyo), Indonesia (Jakarta), and Germany (Frankfurt) |
Buckets for which transfer acceleration was enabled on or after the effective time |
||
|
2021-01-14 12:00 |
US (Silicon Valley), US (Virginia), and Singapore |
Buckets for which transfer acceleration was enabled on or after the effective time |
||
|
2021-01-16 00:00 |
Hong Kong (China) |
Buckets for which transfer acceleration was enabled on or after the effective time |
||
|
2022-10-09 00:00 |
Buckets created by users who enabled OSS for the first time on or after 2022-10-09 00:00 |
|||
|
2023-02-01 00:00 |
South Korea (Seoul), Philippines (Manila), and Thailand (Bangkok) |
Buckets for which transfer acceleration was enabled on or after the effective time |