roleoroleo / yi-hack-MStar

Custom firmware for Yi 1080p camera based on MStar platform
GNU General Public License v3.0

x-content-type-options: nosniff header with cloudflare tunnels #478

Closed Klay4 closed 2 months ago

Klay4 commented 1 year ago

Hi, I encountered this problem by putting the camera behind a Zero Trust Cloudflare tunnel. When I accessed the web page, everything was black except the sidebar.


Identification of the problem

After some digging, I found that theoretically tunnel/cloudflared/somewhere in the CF Proxy is adding the x-content-type-options: nosniff header, and those resources do exist but the origin server isn't returning the proper content types.

Content Type / Media Type (MIME type) is the identifier for the file format/contents. The CF proxy / somewhere is adding the nosniff header, a security feature, to stop the browser from trying to guess the content type of the file (which could be a security risk with user-uploaded content, and probably for other reasons I don't remember/know). The root problem, though, is that your origin server (the camera running yi-hack) isn't properly returning content types for the files.


Workaround Fix

The easiest workaround fix for this is probably just to add a transform rule setting the content-type for files ending in .js.

In your zone/website, Rules => Transform Rules => Create Transform Rule => Modify Response Header, then something like this:

[screenshot of the transform rule]

Thanks to TylerO#3235 for helping me identify and solve the problem.

roleoroleo commented 1 year ago

Do you know a solution for this? Could I change something server side?

EDIT

Probably the solution is to add a MIME mapping in the configuration file. If you want to try, stop the daemon, add the line .js:application/javascript to /tmp/httpd.conf (it is currently an empty file) and restart the daemon.
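The two comments above describe the same failure from both ends: the proxy adds `X-Content-Type-Options: nosniff`, and the origin serves scripts and stylesheets without a usable `Content-Type`, so the browser refuses to execute them. The following is an added example (not code from yi-hack or from either commenter) that models the browser-side check a nosniff-enforcing client applies, runs it over constructed sample responses standing in for what the camera returned through the tunnel, and emits mapping lines in the `.ext:type/subtype` form suggested for `/tmp/httpd.conf`. The JavaScript MIME type list follows the MIME Sniffing standard; the extension-to-type table and the sample responses are assumptions made for this example.

```python
"""Audit static-asset responses for breakage under X-Content-Type-Options: nosniff.

Added example for this issue thread; not part of yi-hack. It reproduces the
"should response be blocked due to nosniff" rule browsers apply: script
requests need a JavaScript MIME type, style requests need text/css, and a
missing Content-Type counts as blocked.
"""
from typing import Dict, List, Tuple

# JavaScript MIME type essences as listed in the MIME Sniffing standard.
JAVASCRIPT_MIME_TYPES = {
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/javascript1.0",
    "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
    "text/javascript1.4", "text/javascript1.5", "text/jscript",
    "text/livescript", "text/x-ecmascript", "text/x-javascript",
}

# Extension -> MIME type to serve. Assumed table for this example; the thread
# only mentions the .js entry.
EXPECTED_MIME = {
    ".js": "application/javascript",
    ".css": "text/css",
    ".html": "text/html",
    ".json": "application/json",
    ".png": "image/png",
}


def mime_essence(content_type: str) -> str:
    """Return 'type/subtype' lower-cased, dropping parameters such as charset."""
    return content_type.split(";", 1)[0].strip().lower()


def destination_for(path: str) -> str:
    """Map a request path to the fetch destination a browser would use for it."""
    if path.endswith(".js"):
        return "script"
    if path.endswith(".css"):
        return "style"
    return "other"


def blocked_by_nosniff(path: str, headers: Dict[str, str]) -> bool:
    """True if a nosniff-enforcing browser would refuse to use this response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("x-content-type-options", "").strip().lower() != "nosniff":
        return False  # no nosniff: the browser may still sniff the type
    essence = mime_essence(lowered.get("content-type", ""))
    dest = destination_for(path)
    if dest == "script":
        return essence not in JAVASCRIPT_MIME_TYPES
    if dest == "style":
        return essence != "text/css"
    return False


def audit(responses: List[Tuple[str, Dict[str, str]]]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every response that breaks under nosniff."""
    problems = []
    for path, headers in responses:
        if blocked_by_nosniff(path, headers):
            lowered = {k.lower(): v for k, v in headers.items()}
            ct = lowered.get("content-type", "<missing>")
            problems.append((path, f"{destination_for(path)} blocked, Content-Type {ct!r}"))
    return problems


def httpd_mime_lines(extensions: List[str]) -> List[str]:
    """Mapping lines in the '.ext:type/subtype' form the thread suggests for httpd.conf."""
    return [f"{ext}:{EXPECTED_MIME[ext]}" for ext in extensions if ext in EXPECTED_MIME]


# Constructed sample: a proxy adding nosniff in front of an origin that omits
# or mislabels Content-Type on its assets.
SAMPLE_RESPONSES = [
    ("/js/app.js", {"X-Content-Type-Options": "nosniff"}),  # no Content-Type at all
    ("/js/vendor.js", {"X-Content-Type-Options": "nosniff", "Content-Type": "text/plain"}),
    ("/css/main.css", {"X-Content-Type-Options": "nosniff", "Content-Type": "application/octet-stream"}),
    ("/js/ok.js", {"X-Content-Type-Options": "nosniff", "Content-Type": "text/javascript; charset=utf-8"}),
    ("/index.html", {"X-Content-Type-Options": "nosniff", "Content-Type": "text/html"}),
    ("/js/direct.js", {}),  # reached without the proxy: sniffing allowed, so it still loads
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_RESPONSES):
        print(f"{path}: {reason}")
    print("\n".join(httpd_mime_lines([".js", ".css"])))
```

Running it flags the three responses a browser would discard (the unlabelled and mislabelled scripts and the stylesheet), which matches the symptom in the first comment: markup still renders, but everything the page builds from JavaScript stays blank. The same check, pointed at real response headers captured with the browser's network panel, tells you whether the origin mapping is complete before removing the Cloudflare transform rule.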

github-actions[bot] commented 3 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.