我在Chrome中运行应用程序,但出现错误:
Refused to execute script from 'http://example.com/info?no=31&magic=1184' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
从这个主题,我知道应该设置http标头X-XSS-Protection:0
Refused to execute a JavaScript script. Source code of script found within request
我使用RoR将其设置为:
def info
response.headers['X-XSS-Protection'] = '0'
# Other logic
end
但是结果是,http标头仍然:
X-XSS-Protection:1; mode=block
X-XSS-Protection:0
当我在Firefox中尝试时,http标头为:
X-XSS-Protection 0, 1; mode=block
并且可以完美运行。
为什么有
1; mode=block?如何删除? 最佳答案
这与XSS保护无关。您需要将http://example.com/info?no=31&magic=1184上的Content-Type HTTP标头从text / html更改为text / javascript。
关于javascript - 如何正确处理Chrome X-XSS-Protection?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/25561745/