MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff)

Hey there, would anybody to able to resolve this issue: “The resource from “http://localhost:1313/plugins/easing.min.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).”

This is some sort of a conflict with nosniff — when that header is enabled, JavaScript files need to have the MIME type application/javascript (text/javascript should also work) for security reasons, since nosniff tells the browser not to accept MIME types it’s not expecting (which is a good thing!) Here’s a good rundown on that.

Are you using something other than hugo serve (or hugo server) to locally preview your site? For me, both set a Content-Type of application/javascript on .js files, and nosniff doesn’t even appear to be set.

1 Like

When running hugo server, text/plain usually means HTTP 404. There is an issue about getting 404 redirect support in the dev server, which would then give text/html as MIME.

TIL about helmet and that looks super useful in Electron apps. Thanks, bos. :+1:t3: