Why does Internet Explorer debugger identify javascript file as text/html when in the code and in iis the type is set as application/javascript?

Question

When setting X-Content-Type-Options to "nosniff", all the javascript files on my website are blocked due to "mime type mismatch".

In my code, I have many javascript files which are used in aspx files. Here are just a few of the declarations from within the aspx file: (note: there are many more)

<script type="application/javascript" src="../Scripts/OrderEditScripts.js"></script>
<script type="application/javascript" src="../Scripts/ImageControlScripts.js"></script>
<script type="application/javascript" src="../Scripts/ImageEditScripts.js"></script>

Via many google searches, I have been led to also setting the MIME types in IIS. I have done so.

So, now I have code that is set to: "application/javascript" and IIS Mime type settings that are set to "application/javascript" for.js files.

However, these files are still being blocked for mime type mismatch.

When using the Internet Explorer debugger, if I click on the "Network" tab, I can see the request made for every file.

Looking at the javascript files that are requested, I can see that in the column called "Content type", the debugger is showing "text/html"

Also in the debugger, on the right hand pane, in the headers tab, I can see the request headers and the response headers.

The request headers show:
Accept: application/javascript, / ;q-0.8

The response headers show: Content-Type: text/html; charset-utf-8

I have a feeling this is where the "mismatch" is happening, but I don't know where the "text/html" is coming from. As mentioned, my code has the type set to "application/javascript" and IIS is set to "application/javascript".

I will include an image to try and encapsulate everything that is going on:

(apparently I need at least 10 reputation points before I can post an image, so I can't provide any images).

The expected result is that I do not get a mime type mismatch and that my javascript files are allowed to execute.

Answer 1

I figured it out.

There was a setting in the web.config that was causing this.

I don't know the reason it works, but I commented out that setting.

In the "system.webServer" section, there was a section for "handlers" In the "handlers" section, the following needed to be commented out:

<add name="JS" path="*.js" verb="GET, HEAD, POST, DEBUG" type="System.Web.UI.PageHandlerFactory" resourceType="Unspecified" requiredAccess="Script" />

After commenting out this section, the javascript files are no longer blocked due to mime type mismatches.