Resources blocked by X-Content-Type-Options: nosniff
-
After adding Cantaloupe IIIF server to the App Whislist, for fun, I started to package this application. Everything works fine with a single configuration file.
However, if I activate the optional administration web page, the static resources (css and js) don't load because of a
X-Content-Type-Options: nosniffblock which comes from an incorrect MIME type of this served static resources.Obviously the issue comes from the Cantaloupe side but is there a workaround on the Cloudron side?
-
After adding Cantaloupe IIIF server to the App Whislist, for fun, I started to package this application. Everything works fine with a single configuration file.
However, if I activate the optional administration web page, the static resources (css and js) don't load because of a
X-Content-Type-Options: nosniffblock which comes from an incorrect MIME type of this served static resources.Obviously the issue comes from the Cantaloupe side but is there a workaround on the Cloudron side?
-
After adding Cantaloupe IIIF server to the App Whislist, for fun, I started to package this application. Everything works fine with a single configuration file.
However, if I activate the optional administration web page, the static resources (css and js) don't load because of a
X-Content-Type-Options: nosniffblock which comes from an incorrect MIME type of this served static resources.Obviously the issue comes from the Cantaloupe side but is there a workaround on the Cloudron side?
@jeau A hack is simply to edit the conf file in
/etc/nginx/applications/<appid>.confand thensystemctl reload nginx. Of course, this change won't persist but atleast will let you move forward in packaging the app.Do you have an upstream issue we can track? Just want to check if there is something we can do on the platform side, because removing it will let the browser start sniffing content and guess mime type which can be a security issue.
-
@jeau A hack is simply to edit the conf file in
/etc/nginx/applications/<appid>.confand thensystemctl reload nginx. Of course, this change won't persist but atleast will let you move forward in packaging the app.Do you have an upstream issue we can track? Just want to check if there is something we can do on the platform side, because removing it will let the browser start sniffing content and guess mime type which can be a security issue.
@girish thanks for the hack, it works but as you say it's not a solution.
I just created an issue on the Cantaloupe github repo https://github.com/cantaloupe-project/cantaloupe/issues/471
-
@girish thanks for the hack, it works but as you say it's not a solution.
I just created an issue on the Cantaloupe github repo https://github.com/cantaloupe-project/cantaloupe/issues/471
-
@girish thanks for the hack, it works but as you say it's not a solution.
I just created an issue on the Cantaloupe github repo https://github.com/cantaloupe-project/cantaloupe/issues/471
-
@jeau It got fixed already in https://github.com/cantaloupe-project/cantaloupe/commit/cf5be9112ee7ea561c2229ddada7bb94317369c7 , very nice.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login