Chrome refuses to execute an AJAX script due to wrong MIME type

javascript jquery ajax json google-chrome

316,151

Solution 1

By adding a callback argument, you are telling jQuery that you want to make a request for JSONP using a script element instead of a request for JSON using XMLHttpRequest.

JSONP is not JSON. It is a JavaScript program.

Change your server so it outputs the right MIME type for JSONP which is application/javascript.

(While you are at it, stop telling jQuery that you are expecting JSON as that is contradictory: dataType: 'jsonp').

Solution 2

If your proxy server or container adds the following header when serving the .js file, it will force some browsers such as Chrome to perform strict checking of MIME types:

X-Content-Type-Options: nosniff

Remove this header to prevent Chrome performing the MIME check.

Solution 3

FYI, I've got the same error from Chrome console. I thought my AJAX function causing it, but I uncommented my minified script from /javascripts/ajax-vanilla.min.js to /javascripts/ajax-vanilla.js. But in reality the source file was at /javascripts/src/ajax-vanilla.js. So in Chrome you getting bad MIME type error even if the file cannot be found. In this case, the error message is described as text/plain bad MIME type.

Solution 4

For the record and Google search users, If you are a .NET Core developer, you should set the content-types manually, because their default value is null or empty:

var provider = new FileExtensionContentTypeProvider();
app.UseStaticFiles(new StaticFileOptions
{
    ContentTypeProvider = provider
});

Solution 5

I encountered this error using IIS 7.0 with a custom 404 error page, although I suspect this will happen with any 404 page. The server returned an html 404 response with a text/html mime type which could not (rightly) be executed.

View more solutions

316,151

Author by

Paul Nelligan

Updated on August 14, 2020

Comments

Paul Nelligan over 3 years
I'm trying to access a script as JSON via AJAX, which works fine on Safari and other browsers but unfortunately will not execute in Chrome. It's coming with the following error:

Refused to execute script from '*' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.

Here's the request:
```
$.ajax({
    url: "http://some_url/test.json?callback=?",
    type: "GET",
    dataType: 'json',
    cache: true,
    success: function (data, status, error) {
      console.log('success', data);
    },
    error: function (data, status, error) {
      console.log('error', data, status, error);
    }
});
```
Does anyone have a workaround for this?
Taimoor Changaiz over 9 years

I've to use ajax between two sites. Guide me about they you are talking about to set "Change your server so it outputs the right MIME type for JSONP which is application/javascript". How to do thi
Quentin over 9 years

@TaimoorChangaiz — I can't tell you that. If you are generating static files, it depends on the server you are using. If you are dynamically generating the content, it depends on the programming language (and possibly framework) you are using. Try asking a question which describes what you have so far and exactly where you are stuck.
Taimoor Changaiz over 9 years

thanks buddy. Btw I figured out issue. I was using dynamic files
Dan Dascalescu about 9 years

"Change your server" doesn't work if you're trying to use an external API such as LinkedIn.
Quentin about 9 years

@DanDascalescu — That doesn't appear to be the case here, so it doesn't matter for this question.
Pasi Savolainen over 7 years

We had similar issue, returned content was a 302 (because user became unauthenticated) and it didn't have a content-type at all -> non-executable.
Andrés Morales about 7 years

It's a bad practice not to provide the Content-Type header of resources served in web applications. Avoiding MIME sniffing from server-side (using the X-Content-Type-Options: nosniff header) is a good option to prevent content-sniffing attacks.
Ellisan over 6 years

Thank you a lot! This was my problem aswell. It was in the wrong directory.
Ruan Mendes over 6 years

@Quentin It does matter since questions are supposed to be helpful to others, not just the OP. Google pointed me here and this doesn't help my case
KingRider over 6 years

JSONP is a error Refused to execute script from https because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled. ... problem crossDomain is terrible.
Quentin over 6 years

@KingRider — Problem: JSONP is not HTML and software which claims it is is badly written or configured.
user1405338 about 6 years

How to do server output application/javascript? I have just file.js and that I import to html... so where to add MIME type?
Quentin about 6 years

@user1405338 — Depends on the server.
user1405338 about 6 years

I have apache php 7.1
Beto Aveiga about 6 years

You saved me 1 hour today champ! Thanks
James Poulose about 6 years

I had to add this as part of a security audit - now i don't know what to do!! :-(
Satyajit over 3 years

I don't know why Google pointed me here. I made a website using Django, it works fine on chrome in Windows(in normal mode), but when it comes to android devices, chrome doesn't load CSS/JS files. Same happens in incognito mode(in windows) . I gets an error in console Refused to apply style from 'http:*.**.***/static/css/materialize.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled. I can't find an answer to this... @Quentin