Disable Chrome strict MIME type checking

Question

Is there any way to disable strict MIME type checking in Chrome   Actually I m making a JSONP request on cross domain  Its working fine on Firefox but  while using chrome its giving some error in console      Refused to execute script from  https   example com  because its MIME type   text plain   is not executable  and strict MIME type checking is enabled    Its working perfectly in Mozilla   Issue is arising in chrome only  Here are the response Headers of the request    Cache-Control no-cache  no-store Connection Keep-Alive Content-Length 29303 Content-Type text plain charset ISO-8859-1 Date  xxxx Expires -1 Keep-Alive timeout 5 max-age Thu  01 Jan 1970 00 00 00 GMT pragma no-cache Set-Cookie xxxx Strict-Transport-Security  max-age 31536000  includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN   Workaround what i think   Externally setting content-type to application javascript

User · Answer

Another solution when a file pretends another extension

I use php inside of var.js file with this .htaccess.

<Files var.js>
    AddType application/x-httpd-php .js
</Files>

Then I write php code in the .js file

<?php
// This is a `.js` file but works with php
echo "var js_variable = '$php_variable';";

When I got the MIME type warning on Chrome, I fixed it by adding a Content-Type header line in the .js(but php) file.

<?php
header('Content-Type: application/javascript');        // <- Add this line
// This is a `.js` file but works with php
...

A browser won't execute .js file because apache sends the Content-Type header of the file as application/x-httpd-php that is defined in .htaccess. That's a security reason. But apache won't execute php as far as htaccess commands the impersonation, it's necessary. So we need to overwrite apache's Content-Type header with the php function header(). I guess that apache stops sending its own header when php sends it instead of apache before.

User · Answer

For Windows Users    If this issue occurs on your self hosted server  eg  your custom CDN  and the browser  Chrome  says something like       text plain   is not executable     when trying to load your javascript file       Here is what you need to do     Open the Registry Editor i e Win   R  gt  regedit  Head over to HKEY LOCAL MACHINE SOFTWARE Classes  js Check to if the Content Type is application javascript or not  If not  then change it to application javascript and try again

User · Answer

also had same problem once     if you are unable to solve the problem you can run the following command on command line chrome exe --user-data-dir  C   Chrome dev session  --disable-web-security    Note  you have to navigate to the installation path of your chrome  For example cd C  Program Files Google Chrome Application  A developer session chrome browser will be opened  you can now launch your app on the new chrome browse  I hope this should be helpful

User · Answer

In my case  I turned off X-Content-Type-Options on nginx then works fine  But make sure this declines your security level a little  Would be a temporally fix     Not work add header X-Content-Type-Options nosniff    OK  comment out   add header X-Content-Type-Options nosniff    It ll be the same for apache     lt IfModule mod headers c gt     Header set X-Content-Type-Options nosniff  lt  IfModule gt

User · Answer

The server should respond with the correct MIME Type for JSONP application javascript and your request should tell jQuery you are loading JSONP dataType   jsonp   Please see this answer for further details   You can also have a look a this one as it explains why loading  js file with text plain won t work

User · Answer

In case you are using node js  with express  If you want to serve static files in node js  you need to use a function  Add the following code to your js file  app use express static  quot public quot      Where app is  const express   require  quot express quot    const app   express     Then create a folder called public in you project folder   You could call it something else  this is just good practice but remember to change it from the function as well   Then in this file create another folder named css  and or images file under css if you want to serve static images as well   then add your css files to this folder  After you add them change the stylesheet accordingly  For example if it was  href  quot cssFileName css quot   and src  quot imgName png quot   Make them  href  quot css cssFileName css quot  src  quot css images imgName png quot   That should work

[javascript] Disable Chrome strict MIME type checking

Another solution when a file pretends another extension

Examples related to javascript

Examples related to jquery

Examples related to angularjs

Examples related to google-chrome