Apply information security header: X-Content-Type-Options:nosniff File Upload not working

Offline Duke 4 months ago

Dear All,

Apply information security header: X-Content-Type-Options:nosniff File Upload not working

My Env description as follows:

1. IIS 10

2. Aras Innovator 11Sp12

Error Message:

Refused to execute script from 'localhost/.../include.aspx

Because its MINE type ('text/css') is not executable, and strict MIME type checking is enabled.

How to resolve the issue?

Offline btredstone 4 months ago

The error you're encountering is related to the MIME (Multipurpose Internet Mail Extensions) type mismatch. The server is expecting a script file based on the file extension, but it receives a different MIME type, causing the execution to be blocked.

To resolve the issue of file uploads not working due to MIME type mismatch, follow these steps:

1. Set the correct MIME type for the file being uploaded.
2. Check and configure IIS to handle script files properly.
3. Apply the X-Content-Type-Options header with the value "nosniff" to prevent MIME type sniffing.

spacebar clicker
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel
Offline Duke 4 months ago in reply to btredstone

Dear Btredstone,

But include.aspx is Aras Innovator provide program. It response not correct mine-type.

HHow to resolve the core program issue?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Cancel