I have a fresh installation with Magento (Apache on os x). Frontend works, but backend is broken: console gives Refused to apply style from '<URL>' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
I have all .htacces files, I have a virtual host etc and tried re-deployed, clear cache methods etc. Nothing works.
Any idea what to do?
Related
What settings do I need to set in order to make Apache serve SVGs?
What I found:
These questions document the use of .htaccess to serve the SVGs with the correct MIME type "image/svg+xml" SVG images not displaying on certain web servers / https://mid.as/kb/00134/configuring-server-to-handle-svg-images / https://davidwalsh.name/serve-svg-image
This question handles the Requested URL not found
None of these helped resolve this issue.
Files:
.htaccess:
AllowOverride All
RewriteEngine on
AddType image/svg+xml svg
Folder structure:
Result:
Other:
Different files like .png work. I also tested it with Node (npx http-server) which worked.
AFAICR any recent version of Apache should have the SVG MIME type already configured. You shouldn't have to do it yourself unless you are running a very old version.
Anyway, a misconfigured MIME type wouldn't casue a 404. I think something else must be going on.
If you haven't already, try looking at the Network tab in your browser dev tools, and the Apache access log to check whether you are actually fetching the URL you think you are. And check that the file permissions are set correctly. Does the file have the correct owner, group, and permissions to be accessed by apache?
We have set request header X-Content-Type-Options:nosniff in a sample application.
To test it, I set a rule to change the content type of a js url from application/javascript to text/css through chrome app Requestly.
I was expecting that since the X-Content-Type-Options:nosniff is set, it should not allow the content type to change.
But when I run the application and check in Chrome developer tools for the js file url headers, I can see the new content type text/css and also error for executing the js file.
So I am wondering why it allowed the content type to change and if I am testing it the proper way ?
You can check whether the response headers include "x-content-type-options: nosniff" by running:
curl -I <URL_TO_VERIFY>
X-Content-Type-Options:nosniff will prevent the browser from performing MIME sniffing, it can not prevent any other entities, like a browser extension or proxies, from altering content-type.
MIME sniffing definition from MDN.
In the absence of a MIME type, or in some other cases where a client
believes they are incorrectly set, browsers may conduct MIME sniffing,
which is guessing the correct MIME type by looking at the resource.
Each browser performs this differently and under different
circumstances.
I tried the command below, but it doesn't work for me.
curl -I <URL_TO_VERIFY>
But this syntax works for me:
curl '*' -I <URL_TO_VERIFY>
If you run behind your company proxy:
curl --noproxy '*' -I <URL_TO_VERIFY>
I have a simple condition in my HAproxy config (I tried this for frontend and backend):
acl no_index_url path_end .pdf .doc .xls .docx .xlsx
rspadd X-Robots-Tag:\ noindex if no_index_url
It should add the no-robots header to content that should not be indexed. However it gives me this WARNING when parsing the config:
acl 'no_index_url' will never match because it only involves keywords
that are incompatible with 'backend http-response header rule'
and
acl 'no_index_url' will never match because it only involves keywords
that are incompatible with 'frontend http-response header rule'
According to documentation, rspadd can be used in both frontend and backend. The path_end is used in examples within frontend. Why am I getting this error and what does it mean?
Starting in HaProxy 1.6 you won't be able to just ignore the error message. To get this working use the temporary variable feature:
frontend main
http-request set-var(txn.path) path
backend local
http-response set-header X-Robots-Tag noindex if { var(txn.path) -m end .pdf .doc }
Apparently, even with the warning, having the acl within the frontend works perfectly fine. All the resources with .pdf, .doc, etc are getting the correct X-Robots-Tag added to them.
In other words, this WARNING is misleading and in reality the acl does match.
if using haproxy below v1.6, create a new backend block (could be a duplicate of the default backend) and add the special headers in there. then in frontend use that backend conditionally. i.e.
use_backend alt_backend if { some_condition }
admittedly not an ideal solution but it does the job.
I have upgraded from Apache 2.2 to 2.4 on a RedHat 6.4 server and came across an issue with mime types.
Apache has a DefaultType Directive. In Apache 2.2 I set this to "text/plain". I have a webpage that lists all files in a given directory and the user can click to view the files. This directory contains all types of different file extensions and some files with no extensions. When a file was clicked, it would open up in a new window nicely formatted. There is not any code doing this. It is strictly the browser opening the file and deciding what to do based on its content type.
This directive has been disabled in Apache 2.4. The Apache documentation website instructs the user to to use the mime.types configuration file and the AddType Directive to configure media types.
My question is how do I assign the "text/plain" mime type to files with no extension? In Apache 2.2 those files would be given the "text/plain" content type by default through the DefaultType Directive. In Apache 2.4 I cannot figure out how to do this since I can't use this directive anymore. I do not want to use the ForceType Directive because it would override other already defined mime types.
I could create a php wrapper that loads the file and assign a content type but I'd prefer to keep the logic within apache where all other mime type definitions are located.
Any help would be appreciated. If additional information is needed please let me know.
Extensionless files only
This solution affects only extensionless, statically served files: (credit Eugene Kerner)
<FilesMatch "^[^.]+$">
ForceType text/plain
</FilesMatch>
Any unknown content
This one affects any response that would otherwise be transmitted without a Content-Type header. In other words, it mimics the behaviour of the old DefaultType directive:
Header set Content-Type "text/plain" "expr=-z %{CONTENT_TYPE}"
It should be possible to use setifempty here instead of the -z expression. But it fails and overwrites the header in every response, empty or not. I don’t know why. Eric Covener says it’s because the Content-Type header isn’t added “until the very last second”.
I'm developing a website that has a HTML5 video. It looks like when ogg files are served with other mime types than video/ogg firefox flips. I've updated the mime.types file inside the mamp/apache/config folder and have restarted the MAMP server multiple times, but ogg files are still served with plain/text context-type.
Can someone point out what I need to do?
UPDATE
The only time I'm able to change the mime type is if I change the DefaultType text/plain to DefaultType video/ogg which is stupid.
The mime.types file is in Applications/MAMP/conf/apache
There you can alter your mime types.
Reset server after changing the file for it to take effect.
Do you have mod_mime_magic installed and enabled? Is your mime magic working correctly? When you do file -m on one of your OGG files, does it say it is a plain text file? Are the file extensions correct?
Adding mime-type is the same for all, it's just you need to understand how the types will be applied and what's the mime-type point is. In this answer I'll how I tried to add WebAssembly mime-type application/wasm in MAMP.
Here it goes:
I recently tried WebAssembly in MAMP and configured out the below mime-type that works for me.
First, we need to navigate the folder of MAMP in MacOS's Applications/MAMP/conf/apache, And then open the file mime.types in any editor.
After opening the file, add the following line anywhere in the mime.types file:
application/wasm wasm
Here is the example wasm mime type in my mime.types file:
#application/wasm
application/wasm wasm
In MAMP Pro these days you can add <VirtualHost> parameters using the gui. Here's a screenshot showing how I add MIME types for .mjs and .wasm as:
AddType application/javascript .mjs
AddType application/wasm wasm
screenshot
Don't forget to restart the server after adding.