1

I'm having trouble with a 3rd-party javascript game that is installed on my site, where the content-type response header being returned is application/json rather than application/javascript for a resource being requested as jsonp. This doesn't seem to be an issue in Safari or Firefox, but it's throwing an error in Chrome.

The error I'm getting in the console is Refused to execute script from 'http://example.come/js/game/data/game-data.json' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.

Based on one recommended configuration, I've tried adding the following to an .htaccess file within the game root directory, but it doesn't seem to be having any effect:

<IfModule mod_mime.c> AddType application/javascript jsonp </IfModule>

I've confirmed that LoadModule mime_module modules/mod_mime.so is enabled in my httd.conf file. Are there other settings I need to try?

nkanderson
  • 113
  • 1
  • 5
  • MIME types set in the Apache configuration apply only to static files. You need to fix the application. – Michael Hampton Aug 18 '16 at 21:16
  • Apologies if this is a dumb question, but I'm new to dealing with MIME types and was not a part of this application development - by static files, do you mean those that will only be read as json (for example), not executed as js? Also - any idea why this would be a new issue in Chrome? – nkanderson Aug 18 '16 at 21:22
  • Static files are files that exist on the filesystem and are served as-is, not files generated dynamically by a web application. – Michael Hampton Aug 18 '16 at 21:24
  • The file isn't generated dynamically, but there is a fairly extensive js build process that uses create.js / preload.js and require.js. This json file is included through some preloadjs asset-loading. – nkanderson Aug 18 '16 at 21:38

1 Answers1

0

AddType application/javascript jsonp

jsonp in this context refers to the file extension of the static resource being requested. However, the quoted error states game-data.json (no p), which implies that it is an ordinary JSON string/data? application/json would normally be the correct mime-type for JSON data.

However, if game-data.json is really serving JSONP, then you should perhaps modify your AddType directive and drop the p:

AddType application/javascript json
MrWhite
  • 11,643
  • 4
  • 25
  • 40
  • I tried that setting previously, but I'm still getting the same error in Chrome. Here's where I get a bit lost in the json / jsonp distinction - the file is static and is requested in the asset-loading code as jsonp. The file contents are wrapped in a callback name and parentheses as expected for jsonp. When you say it's "really serving JSONP" - what does that mean and where would it be set? – nkanderson Aug 18 '16 at 22:29
  • By the sounds of it, it is "really serving JSONP" - ie. JSON data wrapped in a callback function. So this should indeed be executable JavaScript (ie. `application/javascript`). Make sure you've cleared the browser cache and what are the HTTP response headers as reported in the network traffic for this request? – MrWhite Aug 18 '16 at 22:55
  • 1
    Oof, ok, had to clear the cache (not something I typically have to do w/ htaccess changes + Chrome's incognito mode, but I guess it cached hard). So it technically works, but now haven't I just altered the headers for all json files just to get jsonp to have the correct content-type header? – nkanderson Aug 18 '16 at 23:14
  • Yes, all `.json` files will now be served with the `application/javascript` Content-Type header. However, that's arguably a fault of this 3rd party game. Static JSONP files shouldn't have the file extension `.json`, they should either be `.jsonp` (providing your server is set to respond with the correct header), or plain old `.js` (which is really what it is - JavaScript). However, it _probably_ won't matter if JSON and JSONP files are all served with the same `application/javascript` mime-type. – MrWhite Aug 18 '16 at 23:30
  • Cool, thanks. As a side note - this issue _just_ popped up - do you know if Chrome has recently made changes in the strictness of its MIME-type checking? – nkanderson Aug 18 '16 at 23:39
  • I'm unaware of any recent changes to Chrome that would affect this. In fact, [this question on SO](http://stackoverflow.com/questions/24528211/refused-to-execute-script-from-because-its-mime-type-application-json-is) from 2 years ago, appears to show the same problem. A server update is perhaps a more likely cause? – MrWhite Aug 19 '16 at 09:48