CF generated Javascript blocked by X-Content-Type-Options

Question

We have been providing a simple javascript link for for other websites to embed to display content from our site without using iframes.

Basically the HTML generated in the cfm file is saved in a <cfsavecontent> variable, and rendered into javascript using document.write('jsStringFormat(content));

Other sites then embed it using:

This has worked well for many years, but due to increased security we added X-Content-Type-Options="nosniff" to our headers. This results in a MIME type (“text/html”) mismatch error, so the javascript is blocked. As far as I can tell this is because a .cfm page is delivering js content (?)

Any suggestions how we can work around this?

p3142 · Accepted Answer

Bah. Solved it. Posting a question often results in an immediate revelation :-).

In case others have a similar problem, I simply added
<cfcontent type="text/javascript">

to the .cfm file, which appears to have resolved it. Thanks for reading!

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded