When setting X-Content-Type-Options to "nosniff", all the javascript files on my website are blocked due to "mime type mismatch".
In my code, I have many javascript files which are used in aspx files. Here are just a few of the declarations from within the aspx file: (note: there are many more)
<script type="application/javascript" src="../Scripts/OrderEditScripts.js"></script>
<script type="application/javascript" src="../Scripts/ImageControlScripts.js"></script>
<script type="application/javascript" src="../Scripts/ImageEditScripts.js"></script>
Via many google searches, I have been led to also setting the MIME types in IIS. I have done so.
So, now I have code that is set to: "application/javascript" and IIS Mime type settings that are set to "application/javascript" for.js files.
However, these files are still being blocked for mime type mismatch.
When using the Internet Explorer debugger, if I click on the "Network" tab, I can see the request made for every file.
Looking at the javascript files that are requested, I can see that in the column called "Content type", the debugger is showing "text/html"
Also in the debugger, on the right hand pane, in the headers tab, I can see the request headers and the response headers.
The request headers show:
Accept: application/javascript, / ;q-0.8
The response headers show: Content-Type: text/html; charset-utf-8
I have a feeling this is where the "mismatch" is happening, but I don't know where the "text/html" is coming from. As mentioned, my code has the type set to "application/javascript" and IIS is set to "application/javascript".
I will include an image to try and encapsulate everything that is going on:
(apparently I need at least 10 reputation points before I can post an image, so I can't provide any images).
The expected result is that I do not get a mime type mismatch and that my javascript files are allowed to execute.
I figured it out.
There was a setting in the web.config that was causing this.
I don't know the reason it works, but I commented out that setting.
In the "system.webServer" section, there was a section for "handlers" In the "handlers" section, the following needed to be commented out:
<add name="JS" path="*.js" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requiredAccess="Script" />
After commenting out this section, the javascript files are no longer blocked due to mime type mismatches.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.