147

I'm trying to access a script as JSON via AJAX, which works fine on Safari and other browsers but unfortunately will not execute in Chrome. It's coming with the following error:

Refused to execute script from '*' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.

Here's the request:

$.ajax({
    url: "http://some_url/test.json?callback=?",
    type: "GET",
    dataType: 'json',
    cache: true,
    success: function (data, status, error) {
      console.log('success', data);
    },
    error: function (data, status, error) {
      console.log('error', data, status, error);
    }
});

Does anyone have a workaround for this?

Smi
  • 13,850
  • 9
  • 56
  • 64
Paul Nelligan
  • 2,015
  • 2
  • 18
  • 18
  • 2
    So, what is this ressource? A JSONP script, or a JSON file? Does its MIME type match that? Apparently not. No need for a workaround, just *fix* it. – Bergi Jul 02 '14 at 12:30
  • removing the callback and using dataType jsonp does not fix the issue – Paul Nelligan Jul 02 '14 at 12:51
  • 2
    I meant, *fix* the *server response*. – Bergi Jul 02 '14 at 12:57
  • 5
    @Bergi: what if the server is outside of the OP's control? Maybe he's trying to use an [external API such as LinkedIn](http://stackoverflow.com/questions/29177190/display-number-of-linkedin-shares-client-only-without-authentication). – Dan Dascalescu Mar 20 '15 at 23:16
  • 2
    @DanDascalescu: He should report this as a bug, because it makes the API unusable. While waiting for this to be fixed, he can use a [proxy](http://stackoverflow.com/a/3076439/1048572) that changes mime type or content. – Bergi Mar 21 '15 at 12:11

7 Answers7

73

By adding a callback argument, you are telling jQuery that you want to make a request for JSONP using a script element instead of a request for JSON using XMLHttpRequest.

JSONP is not JSON. It is a JavaScript program.

Change your server so it outputs the right MIME type for JSONP which is application/javascript.

(While you are at it, stop telling jQuery that you are expecting JSON as that is contradictory: dataType: 'jsonp').

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • 1
    I've to use ajax between two sites. Guide me about they you are talking about to set "Change your server so it outputs the right MIME type for JSONP which is application/javascript". How to do thi – Taimoor Changaiz Dec 15 '14 at 13:07
  • @TaimoorChangaiz — I can't tell you that. If you are generating static files, it depends on the server you are using. If you are dynamically generating the content, it depends on the programming language (and possibly framework) you are using. Try [asking a question](http://stackoverflow.com/questions/ask) which describes what you have so far and exactly where you are stuck. – Quentin Dec 15 '14 at 13:55
  • thanks buddy. Btw I figured out issue. I was using dynamic files – Taimoor Changaiz Dec 16 '14 at 16:29
  • 23
    "Change your server" doesn't work if you're trying to use an [external API such as LinkedIn](http://stackoverflow.com/questions/29177190/display-number-of-linkedin-shares-client-only-without-authentication). – Dan Dascalescu Mar 20 '15 at 23:15
  • @DanDascalescu — That doesn't appear to be the case here, so it doesn't matter for this question. – Quentin Mar 21 '15 at 09:11
  • 1
    @Quentin It does matter since questions are supposed to be helpful to others, not just the OP. Google pointed me here and this doesn't help my case – Ruan Mendes Jan 10 '18 at 23:42
  • JSONP is a error *Refused to execute script from https because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.* ... problem crossDomain is terrible. – KingRider Jan 13 '18 at 13:48
  • @KingRider — Problem: JSONP is not HTML and software which claims it is is badly written or configured. – Quentin Jan 13 '18 at 18:29
  • How to do server output application/javascript? I have just file.js and that I import to html... so where to add MIME type? – user1405338 Mar 11 '18 at 21:54
  • @user1405338 — Depends on the server. – Quentin Mar 11 '18 at 22:17
  • I have apache php 7.1 – user1405338 Mar 11 '18 at 22:48
  • I don't know why Google pointed me here. I made a website using Django, it works fine on chrome in Windows(in normal mode), but when it comes to android devices, chrome doesn't load CSS/JS files. Same happens in incognito mode(in windows) . I gets an error in console ```Refused to apply style from 'http:*.**.***/static/css/materialize.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled```. I can't find an answer to this... @Quentin – Satyajit Jan 24 '21 at 17:18
58

If your proxy server or container adds the following header when serving the .js file, it will force some browsers such as Chrome to perform strict checking of MIME types:

X-Content-Type-Options: nosniff

Remove this header to prevent Chrome performing the MIME check.

Tom Chamberlain
  • 2,955
  • 20
  • 24
  • 15
    It's a bad practice not to provide the Content-Type header of resources served in web applications. Avoiding MIME sniffing from server-side (using the `X-Content-Type-Options: nosniff` header) is a good option to prevent content-sniffing attacks. – Andrés Morales Apr 21 '17 at 19:35
  • 1
    I had to add this as part of a security audit - now i don't know what to do!! :-( – James Poulose May 08 '18 at 20:02
11

FYI, I've got the same error from Chrome console. I thought my AJAX function causing it, but I uncommented my minified script from /javascripts/ajax-vanilla.min.js to /javascripts/ajax-vanilla.js. But in reality the source file was at /javascripts/src/ajax-vanilla.js. So in Chrome you getting bad MIME type error even if the file cannot be found. In this case, the error message is described as text/plain bad MIME type.

Lanti
  • 2,299
  • 2
  • 36
  • 69
2

For the record and Google search users, If you are a .NET Core developer, you should set the content-types manually, because their default value is null or empty:

var provider = new FileExtensionContentTypeProvider();
app.UseStaticFiles(new StaticFileOptions
{
    ContentTypeProvider = provider
});
VahidN
  • 18,457
  • 8
  • 73
  • 117
1

I encountered this error using IIS 7.0 with a custom 404 error page, although I suspect this will happen with any 404 page. The server returned an html 404 response with a text/html mime type which could not (rightly) be executed.

James Westgate
  • 11,306
  • 8
  • 61
  • 68
  • We had similar issue, returned content was a 302 (because user became unauthenticated) and it didn't have a content-type at all -> non-executable. – Pasi Savolainen Jan 31 '17 at 11:29
0

In my case, I use

$.getJSON(url, function(json) { ... });

to make the request (to Flickr's API), and I got the same MIME error. Like the answer above suggested, adding the following code:

$.ajaxSetup({ dataType: "jsonp" });

Fixed the issue and I no longer see the MIME type error in Chrome's console.

Dan Dascalescu
  • 143,271
  • 52
  • 317
  • 404
Daniel
  • 1,352
  • 1
  • 14
  • 16
0

if application is hosted on IIS, make sure Static Content is installed. Control Panel > Programs > Turn Windows features on or off > Internet Information Services > World Wide Web Services > Common HTTP Features > Static Content.

I faced this problem when trying to run an existing application on a new IIS 10.0 installation

user890255
  • 458
  • 5
  • 9