Refused to Execute Script From Because Its MIME Type (Text/plain) Is Not Executable, and Strict MIME

技术小黑屋

发布于 2018-09-04 17:15:11

5.2K0

发布于 2018-09-04 17:15:11

今天又与这个问题相遇了,Orz,还是研究一下解决方法和出现原因吧。刚刚在github上传了一个js文件，想让这个文件被其他网页引用，于是贴出了这个文件的raw版本的地址。但是却就遇到了这样的问题。

这就是出现错误的代码

1 2 3 4 5 6 7	<html> <script src="http://droidyue-tools.qiniudn.com/jquery.min.js"></script> <script src="https://raw.githubusercontent.com/androidyue/weekly-scripts/master/javascript/target_blank_link.js"></script> <div> <a href="http://droidyue.com">droidyue.com</a> </div> </html>

解决方法

将上面的链接中的raw.githubusercontent.com换成rawgit.com即可，此例中的网址最终为 https://rawgit.com/androidyue/weekly-scripts/master/javascript/target_blank_link.js

原因

因为raw.githubusercontent.com在Response中设置了X-Content-Type-Options:nosniff，告诉浏览器强制检查资源的MIME，进行加载。

下面就是未处理的HTTP Response

lineos:false

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

HTTP/1.1 200 OK Date: Sat, 27 Sep 2014 09:27:12 GMT Server: Apache Access-Control-Allow-Origin: https://render.githubusercontent.com Content-Security-Policy: default-src 'none' X-XSS-Protection: 1; mode=block X-Frame-Options: deny X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 ETag: "4f10b14e4a81a195976ea05787287a019c8bcf6f" Content-Type: text/plain; charset=utf-8 Cache-Control: max-age=300 Content-Encoding: gzip Content-Length: 204 Accept-Ranges: bytes Via: 1.1 varnish X-Served-By: cache-lax1426-LAX X-Cache: HIT X-Cache-Hits: 1 Vary: Authorization,Accept-Encoding Expires: Sat, 27 Sep 2014 09:32:12 GMT Source-Age: 44 Keep-Alive: timeout=10, max=50 Connection: Keep-Alive