Non-Symlink Asset Resolver Doesn't Include Correct MIME Content-Type

[neildaniels]

Describe the bug The non-symlink'd asset resolver discussed in #1375 does not modify the Content-Type of the returned file.

This creates an immediate issue for JavaScript files, because a browser like Safari refuses to execute the JS code when paired with a 'X-Content-Type-Options: nosniff' header.

Refused to execute http://localhost/media/plugins/test/test-plugin/js/search.js as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type.

To Reproduce Steps to reproduce the behavior:

1. Add disable_functions=symlink to php.ini
2. Try and load a plugin's JS file

Expected behavior The HTTP response should have Content-Type: application/javascript.

Instead, I currently get Content-Type: text/x-Algol68; charset=UTF-8—which is unexpected.

Kirby Version 3.1.0-rc.1

Desktop (please complete the following information):

• OS: macOS 10.14.3 (18D109)
• Browser: Safari
• Version: 12.0.3 (14606.4.5)

Additional context My original workaround inferred the content type from the file extension, which at least made this a non-issue for trivial cases like JS files. https://github.com/getkirby/kirby/issues/1375#issuecomment-456529634

[bastianallgeier]

Oh, that's definitely not good :) I just switched the Response::file() method to your way of converting the extension to the mime type and added a unit test for it.