Refused to execute script because its MIME type ('application/gzip') is not executable, and strict MIME type checking is enabled
Question
I am trying to setup helmet security on my react application production server. But whenever I try hitting the URL. I get an error saying Refused to execute script from 'http://localhost:3000/static/js/app.378bd8b8eee930fb268c.js' because its MIME type ('application/gzip') is not executable, and strict MIME type checking is enabled.
For compression build I am using compression-webpack-plugin .
The compression build is working perfectly fine when I remove the helmet . Helmet Plugin Setting:
{"xssFilter": {"setOnOldIE": true}}
1 answers
solution1
1 2020-03-19 14:45:50
tl;dr: /static/js/app.378bd8b8eee930fb268c.js is being sent with a Content-Type of application/gzip but it should be application/javascript .
Author of Helmet here. This is happening because of the X-Content-Type-Options header, which Helmet automatically sets to nosniff . This tells browsers not to infer the type of the file, and to trust the Content-Type that the server sets.
As you can see in your screenshot, /static/js/app.378bd8b8eee930fb268c.js has a Content-Type of application/gzip . The browser refuses to interpret it as JavaScript because its Content-Type isn't application/javascript —that's the X-Content-Type-Options header in action.
You can fix your problem by fixing that—get your JavaScript files' Content-Type s to be application/javascript , not application/gzip .
solution2
0 2022-09-21 15:05:05
Check your Windows registry key.
C:\>reg query HKCR\.js /v "Content Type"
HKEY_CLASSES_ROOT\.js
Content Type REG_SZ text/plain
Update the key as following, it works for me.
C:\>reg add HKCR\.js /v "Content Type" /t REG_SZ /d application/javascript
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.