<![CDATA[Resources blocked by X-Content-Type-Options: nosniff]]>After adding Cantaloupe IIIF server to the App Whislist, for fun, I started to package this application. Everything works fine with a single configuration file.

However, if I activate the optional administration web page, the static resources (css and js) don't load because of a X-Content-Type-Options: nosniff block which comes from an incorrect MIME type of this served static resources.

Obviously the issue comes from the Cantaloupe side but is there a workaround on the Cloudron side?

]]>https://forum.cloudron.io/topic/4981/resources-blocked-by-x-content-type-options-nosniffRSS for NodeThu, 11 Jun 2026 00:15:54 GMTWed, 28 Apr 2021 06:54:27 GMT60<![CDATA[Reply to Resources blocked by X-Content-Type-Options: nosniff on Thu, 29 Apr 2021 16:14:10 GMT]]>@girish yes 👍

]]>https://forum.cloudron.io/post/30545https://forum.cloudron.io/post/30545Thu, 29 Apr 2021 16:14:10 GMT<![CDATA[Reply to Resources blocked by X-Content-Type-Options: nosniff on Thu, 29 Apr 2021 16:11:52 GMT]]>@jeau It got fixed already in https://github.com/cantaloupe-project/cantaloupe/commit/cf5be9112ee7ea561c2229ddada7bb94317369c7 , very nice.

]]>https://forum.cloudron.io/post/30544https://forum.cloudron.io/post/30544Thu, 29 Apr 2021 16:11:52 GMT<![CDATA[Reply to Resources blocked by X-Content-Type-Options: nosniff on Wed, 28 Apr 2021 20:07:07 GMT]]>@jeau hopefully, it's an easy upstream fix. after all, it's just setting of content-type correctly.

]]>https://forum.cloudron.io/post/30523https://forum.cloudron.io/post/30523Wed, 28 Apr 2021 20:07:07 GMT<![CDATA[Reply to Resources blocked by X-Content-Type-Options: nosniff on Wed, 28 Apr 2021 19:46:46 GMT]]>@girish thanks for the hack, it works but as you say it's not a solution.

I just created an issue on the Cantaloupe github repo https://github.com/cantaloupe-project/cantaloupe/issues/471

]]>https://forum.cloudron.io/post/30522https://forum.cloudron.io/post/30522Wed, 28 Apr 2021 19:46:46 GMT<![CDATA[Reply to Resources blocked by X-Content-Type-Options: nosniff on Wed, 28 Apr 2021 18:02:59 GMT]]>@jeau A hack is simply to edit the conf file in /etc/nginx/applications/<appid>.conf and then systemctl reload nginx. Of course, this change won't persist but atleast will let you move forward in packaging the app.

Do you have an upstream issue we can track? Just want to check if there is something we can do on the platform side, because removing it will let the browser start sniffing content and guess mime type which can be a security issue.

]]>https://forum.cloudron.io/post/30515https://forum.cloudron.io/post/30515Wed, 28 Apr 2021 18:02:59 GMT<![CDATA[Reply to Resources blocked by X-Content-Type-Options: nosniff on Wed, 28 Apr 2021 10:13:20 GMT]]>@jeau I don't think there is a solid non-temporary fix on Cloudron side and as you indicated, this should really be then fixed or patched in the app.

]]>https://forum.cloudron.io/post/30489https://forum.cloudron.io/post/30489Wed, 28 Apr 2021 10:13:20 GMT