Support

Admin Tools

#39956 Suddenly getting JS errors bringing site down

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.4.1
PHP version
8.1.24
Admin Tools version
9.8.3 Pro

Latest post by nicholas on Monday, 11 December 2023 01:36 CST

Saturday, 09 December 2023 21:38 CST

petekuhn

I know this isn't your issue, but I'm posting in case you have some insight into the problem.

All of the sudden, the site became inoperative with these errors in the JS console

Refused to execute script from '<URL>' because its MIME type ('') is not executable, and strict MIME type checking is enabled.

Looking through Joomla fora, I found that this could be related to the following .htaccess construct

## Reduce MIME type security risks
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>

And, indeed, commenting it out fixed the problem (as did disabling Reduce MIME type security risks in Admin Tools).

It's hard to understand, as this has worked until now, and it works on a test site which is a subdomain of the live site where it was failing.

As I said, this is clearly not your problem, but if you have any insight it would be appreciated.

Monday, 11 December 2023 01:36 CST

nicholas

Before you begin, do read the boring stuff: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options. It explains what this HTTP header does.

Most browsers will try by default to guess the content type of downloaded documents regardless of what the MIME header sent by the server. Let's say a malicious user to upload an executable file, e.g. a .EXE file or a Chrome Extension, under an innocent file extension as .jpg (image file). When a victim tries downloading this file, IE and Chrome will try to guess the file type, identify it as an executable file and under certain circumstances executing it. This means that your site could be unwittingly used to serve malware. The HTTP header above tells the browser to not try to guess the file type.

When it comes to SCRIPT tags, the source file MUST have a MIME type that indicates its executable JavaScript code, the canonical one being text/javascript. If your server does not send the MIME type at all, or sends the wrong MIME type (e.g. text/plain which means a plain text document, such as a README.txt file), the browser won't try to execute it as JavaScript and issue the error message you mentioned.

If the script with the problem is a URL pointing to your site you need to talk with your host. If it's a third party server, you need to talk to that third party.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!