Error: Blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff)

Question

I am trying to test some api calls with a test site using express and ajax but if I separate the js script into its own file it gives the following error,

The resource from “http://localhost:9000/userProfileFunctions.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).

It works if I keep everything in the same html file but thats more like a bandaid to the problem. I have even set the express app.use header to "X-Content-Type-Options: nosniff" but it still doesn't work

main.html

<html>

<head>
    <script
            src="https://code.jquery.com/jquery-3.4.1.min.js"
            integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
            crossorigin="anonymous">
    </script>

    <script src="userProfileFunctions.js" ></script>

</head>
<body>
    <form>
        <h4>GET REQUEST USERS PROFILE</h4>
        UUID: <input id="getUserInput" type="text" name="UUID"><br>
        <input id="getUserProfile" type="button" value="submit">
    </form>
</body>
</html>

app.js

app.use(function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    next();
});

Answer 1

This is not a very technical answer, but I was getting this same error with testing even though the production version worked. The error went away when I switched Off Enhanced Tracking Protection in Firefox (Developer Edition).

Answer 2

It's because of the file's location has been changed. Check the path and update your src tag of your script with the correct location.

/ChangeLocation/userProfileFunctions.js

example:

<script type="application/javascript" src="/NewLocation/userProfileFunctions.js/">