IE: "File Download Security Warning" opens instead of executing RJS files

Man, trying to make an AJAX-laden site work on IE is really turning
out to be a chore.

My newest problem, as I stated above is that on IE(7), when I submit a
form via remote_form_for and return an RJS response, the browser does
not execute the response, instead opening a

“File Download Security Warning” dialog

"Do you want to save this file, or find a program online to open it?
Name: contribution_charactersf58d5826
Type: Unknown File Type, 15 bytes
From: lynxu64

If I select the “Find” option, I get a Microsoft page telling me that
MimeType: “text/javascript” is an unknown file type.

The content of the rjs file makes no difference – I’ve changed it to
page << “alert(‘hello’)’”
with the same results, and I get the expected result if I open the
downloaded file – alert(‘hello’); .

Some debugging output from my logs shows that the request and response
headers are as expected (as far as I can tell):

request.accepts = [#<Mime::Type:0x7f243eeceb68 @synonyms=[],
@string=“image/gif”, @symbol=nil>, #<Mime::Type:0x7f243eecea50
@synonyms=[], @string=“image/x-xbitmap”, @symbol=nil>, #<Mime::Type:
0x7f243eece910 @synonyms=[], @string=“image/jpeg”, @symbol=nil>,
#<Mime::Type:0x7f243eece7d0 @synonyms=[], @string=“image/pjpeg”,
@symbol=nil>, #<Mime::Type:0x7f243eece690 @synonyms=[],
@string=“application/x-shockwave-flash”, @symbol=nil>, #<Mime::Type:
0x7f243eece550 @synonyms=[], @string=“application/”,
@symbol=nil>, #<Mime::Type:0x7f243eece410 @synonyms=[],
@string=“application/”, @symbol=nil>, #<Mime::Type:
0x7f243eece2d0 @synonyms=[], @string=“application/msword”,
@symbol=nil>, #<Mime::Type:0x7f24457b7fa8 @synonyms=[], @string="/",
request.format = text/javascript
request.template_format = js
response.headers = {“Status”=>“200 OK”, “cookie”=>[], “Content-
Type”=>#<Mime::Type:0x7f24457b77d8 @synonyms=[“application/
javascript”, “application/x-javascript”], @string=“text/javascript”,
@symbol=:js>, “Cache-Control”=>“no-cache”}

I’ve googled this for a full day and found no one with a similar
problem. I suspect it may be something with the mime-type, or possibly
because the url doesn’t end in “.js”.

The interesting thing is that this only seems to be happening to my
post requests: getting the form via ajax and deleting a record via
ajax does fine.

Also, replacing the rjs template with a call to

render :update |page|
page << “alert(‘hello’)’”

yields the same results.

I’ve tried all different configurations of security settings on IE but
no change – of course I’d like to find a solution that doesn’t
require my users to fiddle with their browser settings just to use my

Anybody have any thoughts or dealt with this problem before?