Apply information security header: X-Content-Type-Options:nosniff File Upload not work

Hi Duke,

please do not double post. If something is urgent, just write that is it urgent :-).

Where does the error message appear? Do you get it as pop-up when you try to upload a file?

Do you have a brand new installation? If yes, is Vault configured correctly in code tree and database?

Or does the error appear in an existing installation? In this case, does the error message only appear for CSS files? There are some mime type related settings in VaultServer\web.config which may have some influence. The error message somehow indicates, that Innovator want to execute the CSS file, but the browser does not allow it. In this case you could try a custom case for css in the web.config. 

But I am just guessing! Let me know if anything of these tips were helpful!

Angela

Dear AngelaIp,

some your provide related question to reply~

Q1. Where does the error message appear?

==> from Google Chrome browser console screen.

Q2. Do you get it as pop-up when you try to upload a file?

==> try to upload a file, just always waiting!

Q3. Do you have a brand new installation?

==> No

Q4. does the error appear in an existing installation?

==> Before add security header, that is ok!

Q5. There are some mime type related settings in VaultServer\web.config which may have some influence.

==> It is include.aspx generate error!

Dear AngelaIp,

some your provide related question to reply~

Q1. Where does the error message appear?

==> from Google Chrome browser console screen.

Q2. Do you get it as pop-up when you try to upload a file?

==> try to upload a file, just always waiting!

Q3. Do you have a brand new installation?

==> No

Q4. does the error appear in an existing installation?

==> Before add security header, that is ok!

Q5. There are some mime type related settings in VaultServer\web.config which may have some influence.

==> It is include.aspx generate error!

Does the error message appear for all file types? What do you try to upload? txt, cad, xml, xls?

Do you upload with the regular file picker or via Rest API?

==> Before add security header, that is ok! --> This one is a bit unclear. Have you modified security headers in IIS?

Don´t be confused bei include.apsx error. That´s a general page. Error is caused probably by something else.

Dear AngelaIp,

     Just try to upload txt file by  regular file picker.

     Before add security  header, this is ok!      i has modified security headers in IIS.

Dear Anglealp,

    i attached error message file ~

So, i has reason believe the program about include.aspx has information security bug.

Why have you modified the security headers in the first place? Do you use a Innovator in a DMZ?

Cause Security Company using software scan Web site, So must maintain the web site security level.

Not use innovator in DMZ, Just intranet.