[horde] X-Content-Type-Options: nosniff and Chrome 45
Michael M Slusarz
slusarz at horde.org
Fri Sep 18 05:23:49 UTC 2015
Quoting A. Schulze <sca at andreasschulze.de>:
> Jan Schneider:
>
>> Zitat von Eric <eric at fayolle.info>:
>>> ... chrome 45:
>>> Refused to execute script from
>>> 'https://domain.tld/services/cache.php?cache=js%2Fcid%3D830ad1f3732179df'
>>> because its MIME type ('text/js') is not executable, and strict MIME type
>>> checking is enabled.
> ...
>> Fixed in Git.
>
> Hello,
>
> could one explain *what* was changed?
> I'm interested because I also use these headers together with horde
> and Firefox
> * x-content-type-options: nosniff
> * x-xss-protection: 1; mode=block
> * x-frame-options: sameorigin
> (still) without problems.
Jan's change only is relevant if you are serving JS via "dynamic"
caching - not using static files that actually live on the filesystem.
Which is an approach that is NOT recommended, so it shouldn't affect
most people.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list