I’m deploying a Gatsby site (https://2020.stateofjs.com/, password: foobar) to Netlify. I’ve suddenly started running into this issue but only on iOS (Safari desktop works):
Refused to execute https://2020.stateofjs.com/component---src-core-pages-page-template-js-1562a37b733a02cbbf80.js as script because "X-Content-Type-Options: nosniff" was given and its Content-Type is not a script MIME type.
On the other hand The State of CSS 2020, which has a very similar stack, work fine without this issue. Any idea what’s going on?
We’ve seen an issue where Safari will cache the 401 responses for pages with password protection
Sounds like you’re running into this on mobile only, not desktop, but for folks browsing on desktop we suggest trying to open the page in a private browsing window in Safari. There is a link about how this is done here:
If that doesn’t resolve the issue and/or if there are other questions, please let us know.
But to be honest… it seems like this shouldnt be a problem in the first place from a server perspective. Why does the server responds with wrong MIME types for JS requests after the user authenticated via Basic-Auth and can successfully download the HTML part of the homepage.
After fixing, dont forget to clean browser cache. Perhaps the issue is that netlify sends back the netlify login html page instead of the JS content, which would explain this mime type mismatch.