{"id":4984,"date":"2023-03-17T16:09:41","date_gmt":"2023-03-17T15:09:41","guid":{"rendered":"https:\/\/ekiwi.de\/index.php\/4984\/the-resource-was-blocked-because-of-a-mime-type-conflict-nosniff\/"},"modified":"2025-05-01T10:49:06","modified_gmt":"2025-05-01T08:49:06","slug":"the-resource-was-blocked-because-of-a-mime-type-conflict-nosniff","status":"publish","type":"post","link":"https:\/\/ekiwi.de\/en\/index.php\/4984\/the-resource-was-blocked-because-of-a-mime-type-conflict-nosniff\/","title":{"rendered":"The resource was blocked because of a MIME type conflict (nosniff)."},"content":{"rendered":"<p>Error accessing a script generated by PHP.<\/p>\n<p>I was trying to move a script to a new server for a client. The script in question is the &#8220;<a href=\"https:\/\/www.phpjabbers.com\/member-login-script\/\" target=\"_blank\" rel=\"noopener\">Member Login Script<\/a>&#8221; by PHPJabbers. However, the error is independent of the script and occurs whenever the server returns a document with a different MIME type than expected. 
In this specific case, the following error appeared in the browser&#8217;s error console:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4979\" src=\"\/wp-content\/uploads\/2023\/03\/mime_1.png\" alt=\"\" width=\"710\" height=\"66\" srcset=\"\/wp-content\/uploads\/2023\/03\/mime_1.png 710w, \/wp-content\/uploads\/2023\/03\/mime_1-300x28.png 300w\" sizes=\"auto, (max-width: 710px) 100vw, 710px\" \/><\/p>\n<pre>The resource of \"\/user\/members\/index.php\/user\/members\/index.php?controller=pjFront&amp;action=pjActionLogin\"\r\nwas blocked because of a MIME type conflict (\"text\/html\") (X-Content-Type-Options: nosniff).\r\n<\/pre>\n<p>The resource, i.e. the PHP script, outputs JavaScript and is included with a <code>&lt;script&gt;<\/code> tag. The type &#8220;text\/javascript&#8221; is expected here, but the HTTP header of the response declares &#8220;text\/html&#8221;.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_is_the_%E2%80%9Cnosniff%E2%80%9D_header\"><\/span>What is the &#8220;nosniff&#8221; header?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Brief definition:<\/p>\n<p>The &#8220;X-Content-Type-Options: nosniff&#8221; header is an HTTP response header with which a web server instructs the browser not to guess the MIME type of a document and instead to use the MIME type provided by the server. This means that the browser does not interpret the document as a different type than the one intended by the server.<\/p>\n<p>This is important to avoid security problems that can be caused by so-called &#8220;MIME sniffing&#8221;. MIME sniffing is a behaviour of browsers where they try to guess the MIME type of a document if it has not been explicitly specified by the server. 
This can lead to security problems, because an attacker can provide a document with a MIME type that the browser considers more secure than the actual MIME type of the document.<\/p>\n<p>By sending the &#8220;X-Content-Type-Options: nosniff&#8221; header, a web server can prevent browsers from interpreting documents as a MIME type other than the declared one and thus avoid these security problems.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Problem_solution\"><\/span>Problem solution<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The cause is therefore the server configuration. This can either be changed, e.g. via .htaccess, where the header is set with mod_headers:<\/p>\n<pre>&lt;IfModule mod_headers.c&gt;\r\n    Header always set X-Content-Type-Options \"nosniff\"\r\n&lt;\/IfModule&gt;<\/pre>\n<p>However, this did not work for me. Either the corresponding module was not installed or .htaccess files were simply deactivated.<\/p>\n<p>In my case, I helped myself by writing a proxy script:<\/p>\n<pre>&lt;?php\r\n\/\/ Declare the response as JavaScript so the &lt;script&gt; include passes the nosniff check.\r\nheader(\"Content-Type: text\/javascript\");\r\n\/\/ Fetch the output of the original script. To receive the generated output rather than\r\n\/\/ the PHP source, file_get_contents() needs the http(s) URL of the script.\r\n$content = file_get_contents(\"\/user\/members\/index.php?controller=pjFront&amp;action=pjActionLogin\");\r\necho $content;\r\n<\/pre>\n<p>This first sets the correct header, then the script is read in and simply output. 
Afterwards, the script worked and the login appeared.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4981\" src=\"\/wp-content\/uploads\/2023\/03\/mime_2.png\" alt=\"\" width=\"528\" height=\"266\" srcset=\"\/wp-content\/uploads\/2023\/03\/mime_2.png 528w, \/wp-content\/uploads\/2023\/03\/mime_2-300x151.png 300w\" sizes=\"auto, (max-width: 528px) 100vw, 528px\" \/><\/p>","protected":false},"excerpt":{"rendered":"<p>Error accessing a script generated by PHP.<\/p>\n","protected":false},"author":1,"featured_media":64,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[881,882,870],"tags":[],"class_list":["post-4984","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-javascript-en","category-php-en","category-programming"],"_links":{"self":[{"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/posts\/4984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/comments?post=4984"}],"version-history":[{"count":0,"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/posts\/4984\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/media\/64"}],"wp:attachment":[{"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/media?parent=4984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2\/categories?post=4984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekiwi.de\/en\/index.php\/wp-json\/wp\/v2
\/tags?post=4984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}