• State Not Answered
  • Replies 7 replies
  • Subscribers 13 subscribers
  • Views 8373 views
  • Users 0 members are here
Options
Related

Apply information security header: X-Content-Type-Options:nosniff File Upload not work

Duke
Offline

Dear All,

         Apply information security header: X-Content-Type-Options:nosniff   File Upload not work

My Env description as follows:

        1. IIS 10

        2. Aras Innovator 11Sp12


Error Message:

Refused to execute script from 'localhost/.../include.aspx

Because its MINE type ('text/css') is not executable, and strict MIME type checking is enabled.


How to resolve the issue?

Parents
  • 0

    Hi Duke,

    please do not double post. If something is urgent, just write that is it urgent :-).

    Where does the error message appear? Do you get it as pop-up when you try to upload a file?

    Do you have a brand new installation? If yes, is Vault configured correctly in code tree and database?

    Or does the error appear in an existing installation? In this case, does the error message only appear for CSS files? There are some mime type related settings in VaultServer\web.config which may have some influence. The error message somehow indicates, that Innovator want to execute the CSS file, but the browser does not allow it. In this case you could try a custom case for css in the web.config. 

    But I am just guessing! Let me know if anything of these tips were helpful!

    Angela

  • 0 Offline in reply to AngelaIp

    Dear ,

    some your provide related question to reply~

    Q1. Where does the error message appear?

    ==> from Google Chrome browser console screen.

    Q2. Do you get it as pop-up when you try to upload a file?

    ==> try to upload a file, just always waiting!

    Q3. Do you have a brand new installation?

    ==> No

    Q4. does the error appear in an existing installation?

    ==> Before add security header, that is ok!

    Q5. There are some mime type related settings in VaultServer\web.config which may have some influence.

    ==> It is include.aspx generate error!

  • 0 in reply to Duke

    Does the error message appear for all file types? What do you try to upload? txt, cad, xml, xls?

    Do you upload with the regular file picker or via Rest API?

    ==> Before add security header, that is ok! --> This one is a bit unclear. Have you modified security headers in IIS?

    Don´t be confused bei include.apsx error. That´s a general page. Error is caused probably by something else.

  • 0 Offline in reply to AngelaIp

    Dear ,

         Just try to upload txt file by  regular file picker.

         Before add security  header, this is ok!      i has modified security headers in IIS.

  • 0 Offline in reply to AngelaIp

    Dear Anglealp,

        i attached error message file ~Aras11SP12 UploadFile Error

    Aras11SP12 UploadFile Error2

    So, i has reason believe the program about include.aspx has information security bug.

  • 0 in reply to Duke

    Why have you modified the security headers in the first place? Do you use a Innovator in a DMZ?

Reply Children