I'd like to host an external website on AMT using an iframe and allow users to answer to respond on the website. However, I get the following error:
The resource from “https://requestersandbox.mturk.com/create/projects/worker-html.js” was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
Could this be caused by the use of a rest API (application/json)? If so, is there a way of fixing it or some work around?
Are you using Express to host the external website? This answer seems to have the same error message and recommends a fix: https://stackoverflow.com/a/45119502/2601671
Also, the URL https://requestersandbox.mturk.com/create/projects/worker-html.js doesn't exist on the MTurk site. Is this a file you expect to have on your server?
Related
Today, all of a sudden I started obtaining the following response in my development website:
Refused to execute script from 'https://mts1.googleapis.com/vt?pb=!1m4!1m3!1i8!2i68!3i120!1m4!1m3!1i8!2i68!…12m1!1e47!12m3!1e37!2m1!1ssmartmaps!4e3&callback=_xdc_._pk356f&token=37643' because its MIME type ('image/png') is not executable, and strict MIME type checking is enabled.
This causes the tiles to not be loaded properly and its bugging the website. I've read and searched and found nothing useful on how to fix it.
I've checked my quota in google api console just to make sure is not that I hit the limit or anything but that is not it.
EDIT:
Also, this is not only for my development website. It is happening in all websites that I access running the google map api v3.
Any light shed on this would be most helpful.
I added WebResource.axd (empty file) manually in production environment (IIS7 and Windows Server 2008) after chrome and firefox was giving error 404 for WebResource.axd. And now it is working fine, even with parameters. I am not sure why ASP.NET generating this script in final render result (no problem with VS2008), but now it is working. I want to know, is there any security implications other than what normally associated with WebResource.axd as it is in root directory?
Thanks
I also had this issue recently, after a code change WebResource.axd stopped working for my site. Basically, it exposes dynamic resources over http. For a longer explanation visit:
Just where is webresource.axd?
Typically, what happens is that one of the dynamic resources being requested has failed, but the resource name is encrypted. This blog post will help you decrypt the name, use it and the query string of your failing webresource.axd?___ request to figure out where the error is coming from.
Telerik webresource troubleshooting
We're hosting a couple of HTML5 games that utilise the offline.appcache feature letting games cache a lot better.
To serve the .appcache type however, I had to add the mime type to the server (IIS7) so it wouldn't 404. When I do, it refuses to serve any images or CSS files! The error sent to the browser when I request a CSS or image file is:
The page cannot be displayed because an internal server error has occurred.
The extension I am adding is appcache with the MIME type text/cache-manifest.
Any ideas why it's causing this behaviour?
Finally figured it out, I added the mime type on server level not site level. One of the sites already had that mime type defined. Which caused a conflict. But bizarrely the site with the dual definition was fine, it was the other sites that failed.
I ran into a similar issue when adding the .appcache. All .js and .css file requests responded with an error from IIS. I realized it was because I had not specified a NETWORK: section.
My working .appcache now forces all files to be refreshed and doesn't cause errors:
CACHE MANIFEST
# cache version 1.0.0.6
NETWORK:
*
Hi I'm trying a simple tutorial of retrieving RSS feeds from yahoo and keep getting this error:
RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"
I've seen some articles that say I need a crossdomain.xml file, but I don't really know how to set this file up and how to use it from the Flex SDK compiler (mxmlc).
Thanks
The crossdomain.xml file needs to live at the root of the server that you are accessing. If they have not put that there, then you are out of luck when running in the browser. It is part of an important security aspect of running in a browser sandbox (Silverlight has the same restriction). It is waived if you are running in Air (or pretty much anything out of the browser).
Lets say that you are trying to receive data from http://foo.com/rest/rss/all (or something like that). You can chec quickly to see if they allow cross-site scripting (XSC) by browsing to http://foo.com/crossdomain.xml. If it is not there, then you can't do it.
Still, the comments you got about more information would help us give you a better answer.
I cannot get the URL rewriting module to work on my local PC (vista x86)
i set up a new rule using the 'user friendly url' template.
a picture rather than 1000 words....
(the image contains 3 shots - creation, config and pattern test)
http://www.sk8loc8.com/rewriteIssue.jpg
so now that is setup if i request 'localhost/iisrewriteurl/content/5 i should see my content.aspx page.
nope...
Error Summary
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Detailed Error Information
Module IIS Web Core
Notification MapRequestHandler
Handler StaticFile
Error Code 0x80070002
Requested URL IISRewriteURL/content/5/
Physical Path C:\Users\Guy\Documents\Visual Studio 2008\Projects\IISRewriteURL\IISRewriteURL\content\5\
Logon Method Anonymous
Logon User Anonymous
When i go back into the rule itself and test the patterns that IIS made for me, they do not work..
I have tried adding a wildcard script map under the handler mappings section but this makes no difference.
Has anyone seen this type of behaviour before? Or am i missing something very simple?
If you test the pattern you dont need the Host
I always just create Blank Rules and not had a problem that way since not sure if it matters though. I cannot discover why that rewrite wouldnt work perhaps other rules are blocking it?
Alternatively you may have a look at Helicon Ape product that emulates Apache modules behavior on IIS7. It has simpler syntax and Helicon Ape Manager automatically checks the syntax of the rules you write.