smicallef / spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
http://www.spiderfoot.net
MIT License

JavaScript blocked due to MIME type ("text/plain") mismatch #1146

Open yannik1015 opened 3 years ago

yannik1015 commented 3 years ago

Hey, I think I am having the same issue as #536, with the difference that I am running Windows 10. Using Ubuntu with WSL works fine though, so the problem seems to occur only on Windows.

Here is the console log from the web browser:

The resource from “http://127.0.0.1:3000/static/js/viz.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/spiderfoot.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/spiderfoot.js”. 127.0.0.1:3000:11:1
The resource from “http://127.0.0.1:3000/static/js/jquery.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/bootstrap.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/jquery.tablesorter.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/d3.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/spiderfoot.scanlist.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/jquery.tablesorter.pager.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/viz.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/viz.js”. 127.0.0.1:3000:12:1
This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. 127.0.0.1:3000
The resource from “http://127.0.0.1:3000/static/js/jquery.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/jquery.min.js”. 127.0.0.1:3000:84:1
The resource from “http://127.0.0.1:3000/static/js/bootstrap.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/bootstrap.min.js”. 127.0.0.1:3000:85:1
The resource from “http://127.0.0.1:3000/static/js/jquery.tablesorter.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/jquery.tablesorter.min.js”. 127.0.0.1:3000:86:1
The resource from “http://127.0.0.1:3000/static/js/jquery.tablesorter.pager.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/jquery.tablesorter.pager.min.js”. 127.0.0.1:3000:87:1
The resource from “http://127.0.0.1:3000/static/js/d3.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/d3.min.js”. 127.0.0.1:3000:88:1
Uncaught ReferenceError: sf is not defined
    <anonymous> http://127.0.0.1:3000/:89
127.0.0.1:3000:89:1
The resource from “http://127.0.0.1:3000/static/js/spiderfoot.scanlist.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff). 127.0.0.1:3000
Loading failed for the <script> with source “http://127.0.0.1:3000/static/js/spiderfoot.scanlist.js”. 127.0.0.1:3000:98:1

bcoles commented 3 years ago

Is your CherryPy up to date? Outdated CherryPy was the cause of the other issues.

Alternatively a workaround exists but it's not an ideal solution: https://github.com/smicallef/spiderfoot/issues/536#issuecomment-665285520

The spiderfoot.scanlist.js file should be served with Content-Type: application/javascript:

# curl -isk 'http://127.0.0.1:5001/static/js/spiderfoot.scanlist.js'
HTTP/1.1 200 OK
Content-Type: application/javascript
Server: server
Date: Sun, 13 Jun 2021 03:31:58 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' ; script-src 'self' 'unsafe-inline' blob: ; style-src 'self' 'unsafe-inline' ; img-src 'self' data:
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Last-Modified: Tue, 20 Apr 2021 22:30:54 GMT
Accept-Ranges: bytes
Content-Length: 13876

yannik1015 commented 3 years ago

CherryPy is up to date with version 18.6.0

Hozaslan commented 5 months ago

Hello, adding the following CherryPy config option in sf.py solved this problem for me on Windows:

'tools.staticdir.content_types': {'js': 'text/javascript'}

import os

# Enable access to static files via the web directory
conf = {
    '/query': {
        'tools.encode.text_only': False,
        'tools.encode.add_charset': True,
    },
    '/static': {
        'tools.staticdir.on': True,
        'tools.staticdir.dir': 'static',
        'tools.staticdir.root': f"{os.path.dirname(os.path.abspath(__file__))}/spiderfoot",
        # Force the Content-Type sent for .js files
        'tools.staticdir.content_types': {'js': 'text/javascript'}
    }
}

Hope it helps.
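
Added example, not part of the thread or of SpiderFoot's code: a Python check that applies the browser's nosniff rule for script loads to `curl -is` style response headers, so the Content-Type fix discussed above can be verified after changing the config. The two sample responses are constructed (the first is abridged from the curl output quoted earlier), and the function names are hypothetical.

```python
from email.parser import Parser

# JavaScript MIME type essences listed in the WHATWG MIME Sniffing standard.
JS_MIME_TYPES = {
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/jscript",
    "text/livescript", "text/x-ecmascript", "text/x-javascript",
} | {f"text/javascript1.{n}" for n in range(6)}

# Constructed samples: SERVED_OK is abridged from the curl output in the
# thread; BLOCKED is the same response with the type the browser log reported.
SERVED_OK = """HTTP/1.1 200 OK
Content-Type: application/javascript
X-Content-Type-Options: nosniff
"""
BLOCKED = """HTTP/1.1 200 OK
Content-Type: text/plain
X-Content-Type-Options: nosniff
"""


def parse_response_head(raw):
    """Split `curl -is` style output into (status code, header message)."""
    head = raw.strip().replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    status = int(status_line.split()[1])
    return status, Parser().parsestr(header_block, headersonly=True)


def nosniff_blocks_script(raw):
    """True if a <script> load of this response fails the nosniff check."""
    _, headers = parse_response_head(raw)
    # Only the first X-Content-Type-Options value is considered.
    first_option = headers.get("X-Content-Type-Options", "").split(",")[0]
    nosniff = first_option.strip().lower() == "nosniff"
    # Compare the MIME type essence, ignoring parameters such as charset.
    essence = headers.get("Content-Type", "").split(";")[0].strip().lower()
    return nosniff and essence not in JS_MIME_TYPES


if __name__ == "__main__":
    for name, raw in (("SERVED_OK", SERVED_OK), ("BLOCKED", BLOCKED)):
        print(name, "blocked by nosniff:", nosniff_blocks_script(raw))
```

To check a running instance, pass the output of `curl -is` for each file under /static/js/ to `nosniff_blocks_script`.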