Menu
Is there any way to disable strict MIME type checking in Chrome.
Actually I'm making a JSONP request on cross domain. Its working fine on Firefox but, while using chrome its giving some error in console.
Refused to execute script from 'https://example.com' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
Its working perfectly in Mozilla.. Issue is arising in chrome only
Here are the response Headers of the request..
Cache-Control:no-cache, no-store Connection:Keep-Alive Content-Length:29303 Content-Type:text/plain;charset=ISO-8859-1 Date: xxxx Expires:-1 Keep-Alive:timeout=5 max-age:Thu, 01 Jan 1970 00:00:00 GMT pragma:no-cache Set-Cookie:xxxx Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options:nosniff X-Frame-Options:SAMEORIGIN Workaround what i think : Externally setting content-type to application/javascript
545
The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.
To Solve MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled ErrorJust make Sure Your File name and the name You are Using in Link Tag Both Are Same. For Example my File name is style. css Then My Link tag is Something like this:<link rel=”stylesheet” href=”style.
When an application searches for the MIME type of a file, the application checks the filename against the MIME information files. If a match for the filename is found, the MIME type associated with the extension or pattern is the MIME type of the file.
The server should respond with the correct MIME Type for JSONP application/javascript and your request should tell jQuery you are loading JSONP dataType: 'jsonp'
Please see this answer for further details ! You can also have a look a this one as it explains why loading .js file with text/plain won't work.
130
In my case, I turned off X-Content-Type-Options on nginx then works fine. But make sure this declines your security level a little. Would be a temporally fix.
# Not work add_header X-Content-Type-Options nosniff; # OK (comment out) #add_header X-Content-Type-Options nosniff; It'll be the same for apache.
<IfModule mod_headers.c> #Header set X-Content-Type-Options nosniff </IfModule> If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
