Resource blocked due to MIME type mismatch (X-Content-Type-Options: nosniff)
JavascriptMimeJavascript Problem Overview
I am developing a web page using JavaScript and HTML, everything was working good when I have received this list of errors from my HTML page:
The resource from “https://raw.githubusercontent.com/dataarts/dat.gui/master/build/dat.gui.min.js”
was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
The resource from “https://raw.githubusercontent.com/mrdoob/three.js/dev/build/three.js” was
blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
The resource from “https://raw.githubusercontent.com/mrdoob/three.js/master/examples/js/renderers/CanvasRenderer.js”
was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
The resource from “https://raw.githubusercontent.com/mrdoob/three.js/master/examples/js/renderers/Projector.js”
was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
The resource from “https://raw.githubusercontent.com/mrdoob/three.js/dev/build/three.js” was
blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
These errors appeared after an automatic browser update (Mozilla Firefox), may be something has been changed in the set up. Do you know any way to solve this problem?
Javascript Solutions
Solution 1 - Javascript
Check if the file path is correct and the file exists - in my case that was the issue - as I fixed it, the error disappeared
Solution 2 - Javascript
This can be fixed by changing your URL to use a mirror/proxy. Instead of using GitHub:
https://raw.githubusercontent.com/svnpenn/bm/master/yt-dl/yt-dl.js
Content-Type: text/plain; charset=utf-8
Use a third-party cache:
https://cdn.rawgit.com/svnpenn/bm/master/yt-dl/yt-dl.js
content-type: application/javascript;charset=utf-8
rawgit.com was a caching proxy service for GitHub that has shut down since 2018. See its FAQ
Solution 3 - Javascript
We started facing this error in production after our devops team changed the webserver configuration by adding X-Content-Type-Options: nosniff. Now, due to this, browser was forced to interpret the resources as it was mentioned in content-type parameter of response headers.
Now, from the beginning, our application server was explicitly setting content-type of the js files as text/plain. Since, X-Content-Type-Options: nosniff was not set in webserver, browser was automatically interpreting the js files as JavaScript files although the content-type was mentioned as text/plain. This is called as MIME-sniffing. Now, after setting X-Content-Type-Options: nosniff, browser was forced to not do the MIME-sniffing and take the content-type as mentioned in response headers. Due to this, it did interpret js files as plain text files and denied to execute them or blocked them. The same is shown in your errors.
Solution: is to make your server set the content-type of JS files as
application/javascript;charset=utf-8
This way, it will load all JS files normally and issue will get resolved.
Solution 4 - Javascript
check your path ,this error will come if file was not exist into given path.
Solution 5 - Javascript
Are you using express?
Check your path(note the "/" after /public/):
app.use(express.static(__dirname + "/public/"));
//note: you do not need the "/" before "css" because its already included above:
rel="stylesheet" href="css/style.css
Hope this helps
Solution 6 - Javascript
For Wordpress
In my case i just missed the slash "/" after get_template_directory_uri() so resulted / generated path was wrong:
My Wrong code :
wp_enqueue_script( 'retina-js', get_template_directory_uri().'js/retina.min.js' );
My Corrected Code :
wp_enqueue_script( 'retina-js', get_template_directory_uri().'/js/retina.min.js' );
Solution 7 - Javascript
It might be a wrong path. Ensure in your main app file you have:
app.use(express.static(path.join(__dirname,"public")));
Example link to your css as:
<link href="/css/clean-blog.min.css" rel="stylesheet">
similar for link to js files:
<script src="/js/clean-blog.min.js"></script>
Solution 8 - Javascript
This might be because the browser cannot access a file. I stumbled with this type of error when creating application with node.js. You can try to directly request the script file (copying and pasting url) and see if you can retrieve it. You can see then what the real problem is. It can be because of permission of folder in which the file is located, or browser just cannot find it due to incorrect path to it. In node.js, after specifying route to file, all works.
Solution 9 - Javascript
I've solved this problem by changing charset in js-files from UTF-8 without BOM to simple UTF-8 in Notepad++
Solution 10 - Javascript
I had this error when i was using the azure storage as a static website, the js files that are copied had the content type as text/plain; charset=utf-8 and i changed the content type to application/javascript
It started working.
Solution 11 - Javascript
It happened to me for wrong tag. By mistake I add the js file in link tag.
Example: (The Wrong One)
<link rel="stylesheet" href="plugins/timepicker/bootstrap-timepicker.min.js">
It solved by using the correct tag for javascript. Example:
<script src="plugins/timepicker/bootstrap-timepicker.min.js"></script>
Solution 12 - Javascript
See for the protocols HTTPS and HTTP
Sometimes if you are using mixed protocols [this happens mostly with JSONP callbacks ] you can end up in this ERROR.
Make sure both the web-page and the resource page have the same HTTP protocols.
Solution 13 - Javascript
For anyone still having this error in Angular I was able to solve it by including "src/assets" in my angular.json file
"assets": ["src/favicon.ico", "src/assets", "src/upload.php"]
also the directory of your index.html should not be included in the assets. meaning you should not include "src" in "assets":[ ]
Solution 14 - Javascript
i also facing this same problem in django server.So i changed DEBUG = True in settings.py file its working