0

I am receiving the below error on client site. I am using jsonp and a callback function. These are the headers I have set

Refused to execute script from 'http://example.com/wp-content/plugins/plugin-name/includes/core-file.php" because its MIME type ('access-control-allow-methods: get') is not executable, and strict MIME type checking is enabled.

I have set these headers under my plugin core file.

//Typical headers
header('Content-Type: text/html');
header( "content-type: text/javascript; charset=utf-8" ); 
send_nosniff_header();

//Allow Cross-Origin Resource Sharing
header("Access-Control-Allow-Origin: *");   
header("content-type: Access-Control-Allow-Methods: GET");

Please, can some one help me to resolve this! relevant link

Community
  • 1
  • 1
Himani
  • 245
  • 1
  • 2
  • 20
  • `header("content-type: Access-Control-Allow-Methods: GET");` makes no sense. "Content-type" should specify what type of data you're returning (e.g. HTML, JSON, XML etc). You've already set the content-type header twice above that, to two separate values - decide what you're returning and set the header _once_. Meanwhile, "Access-Control-Allow-Methods" is an entirely separate header. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods. Try simply `header("Access-Control-Allow-Methods: GET");`. – ADyson Mar 30 '17 at 12:36
  • @ADyson so you mean I should remove header( "content-type: text/javascript; charset=utf-8" ); – Himani Mar 30 '17 at 12:38
  • It depends. If you are returning HTML, then yes remove that one. If you are returning Javascript, then remove the HTML one. – ADyson Mar 30 '17 at 12:40
  • for jsonp isn't the header( "content-type: text/javascript; charset=utf-8" ); is important? – Himani Mar 30 '17 at 12:40
  • I don't know much about JSONP. You'll have to find out which is the appropriate header. But having both of them is clearly a mistake - they contradict each other. – ADyson Mar 30 '17 at 12:41
  • Ok i will make the changes. Thanks a lot! – Himani Mar 30 '17 at 12:46
  • @ADyson sorry i forgot to share one point like I am able to view the results correctly with the same configuration. only one client is facing this issue – Himani Mar 30 '17 at 12:51
  • then you should find out what their configuration is - browser version, OS version etc. Perhaps their browser cannot understand the mangled headers. Either way, you should fix this because it clearly isn't right and it's causing someone a problem. – ADyson Mar 30 '17 at 12:52
  • Yes, definitely! – Himani Mar 30 '17 at 12:54

0 Answers0