AtlasOfLivingAustralia / regions

Regions front end web application
https://regions.ala.org.au

Javascript file delivered with application/json content type #63

Status: Closed (ansell closed 5 years ago)

ansell commented 5 years ago

The /data/regionsMetadataJavascript URL contains a JavaScript file, and is sourced using a script tag. However, it is being delivered with application/json as its content type, which breaks the application when the security headers for NGINX are enabled.

The header which triggers browsers to break in this case is:

X-Content-Type-Options: nosniff

Switching that security header off until the content type is fixed.

ansell commented 5 years ago

The fix for this looks straightforward; I will test it once it is deployed to a test server.

ansell commented 5 years ago

/data/regionsMetadataJavascript on regions-test is now being delivered using text/javascript.