meta.js is sent with the wrong MIME type #9523
Comments
bt90
added
bug
|
Something is fishy: Line 722 in 6204670
|
|
Ah, this is apparently caused by Line 54 in 6204670 At least the content doesn't look sensitive to me: var metadata = {
"authenticated": true,
"deviceID": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"deviceIDShort": "XXXXXX"
}; |
|
I don't follow. There's nothing wrong with the content type. It's behind auth, as many other things. The OP's issue seems to be some proxy problem together with trying to interpret a retuned 403 error. |
|
The problem is that we're loading syncthing/gui/default/index.html Line 1080 in 6204670 Once strict MIME type handling is enforced via X-Content-Type-Options: nosniff, this ends up as an error in the browser console. Judging from a quick test, it doesn't break the UI even when My proposal would be to exempt meta.js from authentication and instead populate its Lines 717 to 721 in 6204670 |
|
It doesn't break the UI at all as far as I can tell. There's an error in the console about it when you're not logged in, that's all. Potentially this could be nicer, perhaps we don't try to load the resource when not logged in, but I don't see a bug or problem here... From what I can see in the forum thread the OP had some entirely unrelated problem with the proxy or their browser plugins and just latched onto this as the visible error in the console. |
Aye. nginx-proxy-manager has some interesting config bits: |
What happened?
The HTTP content-type seems to be wrong:
Paired with
x-content-type-options: nosniff, the request is blocked by the browser.see https://forum.syncthing.net/t/cant-login-to-syncthing-gui-with-ngnix-proxy-manager/22030
Syncthing version
v1.27.6
Platform & operating system
Linux amd64
Browser version
No response
Relevant log output
No response
The text was updated successfully, but these errors were encountered: