I have a very bizzare problem. I've been working on a project for 2 months. I develop on a Windows machine, use Docker to containerize and then i upload to a cloud service. All of a sudden, a single javascript file started to return 404. With the X-Content-Type-Options "nosniff" header it says that the MIME type is text/html which reveals more about the problem. I have a file that is very similar that works fine. I have numerous other js files that are also fine. Only this one does it and it started only recently.
GET https://localhost:8080/assets/dashboard/js/xxx.js net::ERR_ABORTED 404
Refused to execute script from 'https://localhost:8080/assets/dashboard/js/xxx.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
without the X-Content-Type-Options "nosniff" it is simply
GET https://localhost:8080/assets/dashboard/js/xxx.js net::ERR_ABORTED 404
I looked into the line endings issue after some Googling and all my line endings are CRLF. I checked the working and the non-working file with Notepad and the line endings are the same. I then installed XAMPP to see how it would behave running under linux (like in the container) and it also works fine. It only stops working when i containerize with Docker. It could be a recent update of Docker for Windows app that caused it but i have no idea how to solve this anymore. I examined the file for irregularities - none found. Any help would be appreciated.
Doing a Invoke-WebRequest request, the headers:
$request.Headers
Key Value
--- -----
Date {Mon, 05 Dec 2022 22:21:04 GMT}
Server {Apache}
Cache-Control {no-store, must-revalidate, no-cache, max-age=0}
X-Frame-Options {DENY}
X-XSS-Protection {0}
Referrer-Policy {strict-origin-when-cross-origin}
Strict-Transport-Security {max-age=63072000; includeSubDomains; preload}
Permissions-Policy {display-capture=(),accelerometer=(),autoplay=(),camera=(),display-capture=(),docume…
X-Permitted-Cross-Domain-Policies {none}
Cross-Origin-Embedder-Policy {unsafe-none}
Cross-Origin-Opener-Policy {same-origin}
Cross-Origin-Resource-Policy {same-origin}
Content-Security-Policy {upgrade-insecure-requests;default-src 'none';style-src 'self' 'unsafe-inline' https…
Content-Length {4281}
Content-Type {text/html; charset=UTF-8}
CodePudding user response:
I have had this problem before. Windows would not care for capitalization while Linux does.
Check how you are calling your file and what is its name in reality.
You have masked it as xxx.js but let's use this example:
<script src="/js/main.js"></script>
but if in reality your file is called Main.js
, Windows will be fine - Linux will return 404. The MIME-Type error is really confusing and does not help troubleshooting this.