Disable Chrome strict MIME type checking

57
votes

Is there any way to disable strict MIME type checking in Chrome.

Actually I'm making a JSONP request on cross domain. Its working fine on Firefox but, while using chrome its giving some error in console.

Refused to execute script from 'https://example.com' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

Its working perfectly in Mozilla.. Issue is arising in chrome only

Here are the response Headers of the request..

Cache-Control:no-cache, no-store
Connection:Keep-Alive
Content-Length:29303
Content-Type:text/plain;charset=ISO-8859-1
Date: xxxx
Expires:-1
Keep-Alive:timeout=5
max-age:Thu, 01 Jan 1970 00:00:00 GMT
pragma:no-cache
Set-Cookie:xxxx
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options:nosniff
X-Frame-Options:SAMEORIGIN

Workaround what i think : Externally setting content-type to application/javascript

6
javascriptjqueryangularjsgoogle-chrome
Have you seen this similar question? stackoverflow.com/questions/17341122/…Rory McCrossan
@Rory McCrossan yes... that questions refers fetching file from github.. and their is alternate workaround to export file as zip..Atul Sharma
What is the content you're sending as plain text?Rory McCrossan
its receiving a json.. response is like this ..angular.callbacks._3({json_data})Atul Sharma
I missed you're sending JSONP; you need to use the correct MIME type: application/javascriptRory McCrossan

6 Answers

14
votes

The server should respond with the correct MIME Type for JSONP application/javascript and your request should tell jQuery you are loading JSONP dataType: 'jsonp'

Please see this answer for further details ! You can also have a look a this one as it explains why loading .js file with text/plain won't work.

13
votes

In my case, I turned off X-Content-Type-Options on nginx then works fine. But make sure this declines your security level a little. Would be a temporally fix.

# Not work
add_header X-Content-Type-Options nosniff;
# OK (comment out)
#add_header X-Content-Type-Options nosniff;

It'll be the same for apache. 

<IfModule mod_headers.c>
  #Header set X-Content-Type-Options nosniff
</IfModule>
5
votes

For Windows Users :

If this issue occurs on your self hosted server (eg: your custom CDN) and the browser (Chrome) says something like ... ('text/plain') is not executable ... when trying to load your javascript file ...

Here is what you need to do :

  1. Open the Registry Editor i.e Win + R > regedit
  2. Head over to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.js
  3. Check to if the Content Type is application/javascript or not
  4. If not, then change it to application/javascript and try again
4
votes

also had same problem once,

if you are unable to solve the problem you can run the following command on command line
chrome.exe --user-data-dir="C://Chrome dev session" --disable-web-security

Note: you have to navigate to the installation path of your chrome.
For example:cd C:\Program Files\Google\Chrome\Application

A developer session chrome browser will be opened, you can now launch your app on the new chrome browse.
I hope this should be helpful

1
votes

Another solution when a file pretends another extension

I use php inside of var.js file with this .htaccess.

<Files var.js>
    AddType application/x-httpd-php .js
</Files>

Then I write php code in the .js file

<?php
// This is a `.js` file but works with php
echo "var js_variable = '$php_variable';";

When I got the MIME type warning on Chrome, I fixed it by adding a Content-Type header line in the .js(but php) file.

<?php
header('Content-Type: application/javascript');        // <- Add this line
// This is a `.js` file but works with php
...

A browser won't execute .js file because apache sends the Content-Type header of the file as application/x-httpd-php that is defined in .htaccess. That's a security reason. But apache won't execute php as far as htaccess commands the impersonation, it's necessary. So we need to overwrite apache's Content-Type header with the php function header(). I guess that apache stops sending its own header when php sends it instead of apache before.

0
votes

In case you are using node.js (with express)

If you want to serve static files in node.js, you need to use a function. Add the following code to your js file:

app.use(express.static("public"));

Where app is:

const express = require("express");
const app = express();

Then create a folder called public in you project folder. (You could call it something else, this is just good practice but remember to change it from the function as well.)

Then in this file create another folder named css (and/or images file under css if you want to serve static images as well.) then add your css files to this folder.

After you add them change the stylesheet accordingly. For example if it was:

href="cssFileName.css"

and

src="imgName.png"

Make them:

href="css/cssFileName.css"
src="css/images/imgName.png"

That should work👌🏽