Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intermittent issue in Safari: Refused to execute htmx script due to "X-Content-Type-Options: nosniff" #2697

Open
axzilla opened this issue Jul 5, 2024 · 2 comments
Open

Intermittent issue in Safari: Refused to execute htmx script due to "X-Content-Type-Options: nosniff" #2697

axzilla opened this issue Jul 5, 2024 · 2 comments

Comments

@axzilla
Copy link

axzilla commented Jul 5, 2024

Description:

I'm developing apps with Go and HTMX, and I primarily use Safari as my main browser. Unfortunately, Safari intermittently refuses to load the HTMX script with the following error:

Refused to execute https://unpkg.com/[email protected] as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.

This issue does not always occur and it works perfectly fine in Chrome and Firefox.

I'm uncertain whether this is a bug in HTMX or an error on my part.

Steps to Reproduce:

  1. Use Safari as the browser.
  2. Include the HTMX script in the HTML file like this: 
    <script src="https://unpkg.com/[email protected]"></script>
  3. Open the HTML file in Safari.
  4. Observe the console for the error message.

Expected Behavior:

The HTMX script should load without issues, similar to how it functions in Chrome and Firefox.

Actual Behavior:

Safari intermittently refuses to execute the script, displaying the error message related to the "X-Content-Type-Options: nosniff" header.

Additional Information:

  • Safari Version: Version 17.4.1 (19618.1.15.11.14)
  • macOS Version: 14.4.1 (23E224)
  • HTMX Version: 2.0.0
  • Go Version: go1.22.4 darwin/arm64

Please let me know if any additional information is needed. Thank you for your help in resolving this issue.
@Telroshan
Copy link
Collaborator

I wonder if it's the unpkg auto redirection that messes up here, could you try loading directly with the resolved URL (the one you eventually get when opening the link in your browser directly), aka

<script src="https://unpkg.com/[email protected]/dist/htmx.min.js"></script>

?
Just to see if it works correctly with the script's actual URL or not

@axzilla
Copy link
Author

axzilla commented Jul 5, 2024

I wonder if it's the unpkg auto redirection that messes up here, could you try loading directly with the resolved URL (the one you eventually get when opening the link in your browser directly), aka

<script src="https://unpkg.com/[email protected]/dist/htmx.min.js"></script>

? Just to see if it works correctly with the script's actual URL or not

Yep this works fine, thanks for that!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Telroshan @axzilla