MIME Type ('text/plain') Is Not Executable After OHS Upgrade to 12.2.1.4
(Doc ID 3064815.1)
Last updated on DECEMBER 23, 2024
Applies to:
Oracle HTTP Server - Version 12.2.1.4.0 and laterInformation in this document applies to any platform.
Symptoms
Application deployed on WebLogic 12.2.1.4 refused to execute java script because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
Changes
The Application works well on OHS 12.2.1.3 + WLS 12.2.1.3. The issue occurs after OHS and WebLogic are upgraded to 12.2.1.4.
A: Compared the httpd.conf file of OHS 12.2.1.3 & 12.2.1.4, and find the differences:
OHS 12.2.1.4 sets the X-Content-Type-Options HTTP response header to "nosniff" instructs browsers only interprets files as the specified content type rather than trying to determine it based on the content, which could lead to execution of unintended scripts.
Then
B: Try to add mime type mapping
1) In the web.xml of web application as below:
<mime-mapping>
<extension>js</extension>
<mime-type>application/javascript</mime-type>
</mime-mapping>
2) in WebLogic <Domain_name>/config/mimemappings.properties as below:
js=application/javascript
Both methods do not resolve the issue. But a simple test case can work well as above setting. It is clear from here that the issue is caused by the application itself.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |