Some of the security features in the new SharePoint 2010 are interesting. One of them is that SharePoint 2010 now adds some fun security headers in files that may be dangerous if downloaded to a client computer. So instead of opening the documents it will only give you the option to download or cancel the operation. While I can understand this with some files such as .html and .sql, it doesn’t make sense with files like PDF.

While this can be annoying, I completely understand. Most blogs that I’ve read suggest that you go into the Central Admin and for the general settings of the web application you’re interested in changing the file handling from strict to permissive. DO NOT DO THIS! It opens some wonderful security holes and completely circumvents the reason for strict file handling.

Once again, PowerShell comes to the rescue by allowing us to specify specific extensions (well, MIME types) that we will allow to be openned in the browser.  Here is the script:

$webApp = Get-SPWebApplication http://sharepoint
 If ($webApp.AllowedInlineDownloadedMimeTypes -notcontains "application/pdf")
 {
   Write-Host "Adding PDF MIME Type..."
   $webApp.AllowedInlineDownloadedMimeTypes.Add("application/pdf")
   $webApp.Update()
   Write-Host "PDF MIME type now allowed for inline download."
 } Else {
   Write-Host "PDF MIME type already allowed for inline download."
 }