Resources blocked by X-Content-Type-Options: nosniff
-
After adding Cantaloupe IIIF server to the App Whislist, for fun, I started to package this application. Everything works fine with a single configuration file.
However, if I activate the optional administration web page, the static resources (css and js) don't load because of a
X-Content-Type-Options: nosniff
block which comes from an incorrect MIME type of this served static resources.Obviously the issue comes from the Cantaloupe side but is there a workaround on the Cloudron side?
-
@jeau A hack is simply to edit the conf file in
/etc/nginx/applications/<appid>.conf
and thensystemctl reload nginx
. Of course, this change won't persist but atleast will let you move forward in packaging the app.Do you have an upstream issue we can track? Just want to check if there is something we can do on the platform side, because removing it will let the browser start sniffing content and guess mime type which can be a security issue.
-
-
@jeau It got fixed already in https://github.com/cantaloupe-project/cantaloupe/commit/cf5be9112ee7ea561c2229ddada7bb94317369c7 , very nice.