Refused to execute script due to MIME Type issue (Javascript, Google Chrome)

0
votes

I'm getting this error message on my website:

Refused to execute script from 'http://viralsmods.com/scripts/loader.php?sids[]=1&sids[]=3&_=1429706046304' because its MIME type ('image/gif') is not executable.

The script in question is a PHP file that spits out JavaScript with a gif MIME type for concealment purposes (I understand this is not fool proof, but just a slight deterrent).

Anyways, this has been working fine for me for years and suddenly Chrome is giving me the above error in the developer tools console. Any idea as to why?

1
javascriptphpgoogle-chromemime-types
Is the header X-Content-Type-Options being set?epascarello
No, I literally just set one header and it was for the mime type.Keir Simmons
Why would you even do that?Slava Knyazev
@epascarello It seems setting header('X-Content-Type-Options:nosniff'); forces the strict MIME type checking. Is there a way to turn nosniff off?Keir Simmons

1 Answers

0
votes

Google updates automatically about every 6 weeks. There were probably checks added to the inclusion of Javascript files to help prevent problems executing bad files or thwart some security threat.