[horde] X-Content-Type-Options: nosniff and Chrome 45

A. Schulze sca at andreasschulze.de
Fri Sep 18 05:16:51 UTC 2015


Jan Schneider:

> Zitat von Eric <eric at fayolle.info>:
>> ... chrome 45:
>> Refused to execute script from
>> 'https://domain.tld/services/cache.php?cache=js%2Fcid%3D830ad1f3732179df'
>> because its MIME type ('text/js') is not executable, and strict MIME type
>> checking is enabled.
...
> Fixed in Git.

Hello,

could one explain *what* was changed?
I'm interested because I also use these headers together with horde  
and Firefox
  * x-content-type-options: nosniff
  * x-xss-protection: 1; mode=block
  * x-frame-options: sameorigin
(still) without problems.

Thanks
Andreas



More information about the horde mailing list