问题
For many years I have successfully included javscript files which are dynamically created.
Here is an example: https://granadainfo.com/sups.php?locs=95
As you can see it loads OK.
I usually put them into the head of my html document like this.
script type="text/javascript" src="https://granadainfo.com/sups.php?locs=95"
/script
In the last few days they have stopped working.
The error message from firefox debugger console is the following.
The resource from “https://granadainfo.com/sups.php?locs=95” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
I use a2 web hosting. They must have made some change in configuration to make it stop working.
It may be that I can get over this problem with a line in the .htaccess file.
A2 hosting suggested this line but it does not work. Header always unset X-Frame-Options
The problem only happen when there is a get request. ie ?locs=95
There is no problem with static files.
I tried changing the file name to .js and changed the .htaccess file to parse .js as php but it makes no difference.
回答1:
PHP defaults to Content-Type: text/html. If you aren't serving HTML, then you need to use the header() function to state what you are serving.
<?php
header("Content-Type: application/javascript");
回答2:
The advanced support of A2 hosting eventually got back to me with a good answer. The following is based on what they said and it does solve the problem.
There is a simple solution.
For security reasons, we recently set "X-Content-Type-Options" to "nosniff" by default on all of our servers. If the option was not manually set in your ".htaccess" file, then the site just defaulted to whatever the server was using (nosniff). This is what was causing the error on the site.
Earlier in this ticket, you were told to unset the "X-Frame-Options" header mistakenly because that option is only for iframes. The actual header you needed to unset was "X-Content-Type-Options".
This is the line to add to the top of your .htaccess file.
Header always unset X-Content-Type-Options
回答3:
I agree with your answer.
In the end I have changed the filenames to .js and made .js parse with php like this in the .htacess file.
RewriteEngine on
AddHandler application/x-httpd-ea-php56 .php4 .php3 .php .phtml .htm .html .cgi .ics
.js
Then I added this to the top of all the files
header('Content-Type: text/javascript');
It now works.
All efforts to solve the problem with X-Content-Type-Options in the .htacess file failed.
来源:https://stackoverflow.com/questions/56359211/resource-blocked-due-to-mime-type