Copy link to clipboard
Copied
We have been providing a simple javascript link for for other websites to embed to display content from our site without using iframes.
Basically the HTML generated in the cfm file is saved in a <cfsavecontent> variable, and rendered into javascript using document.write('jsStringFormat(content));
Other sites then embed it using:
<script type="text/javascript" src="somesite/temp.cfm"></script>
This has worked well for many years, but due to increased security we added X-Content-Type-Options="nosniff" to our headers. This results in a MIME type (“text/html”) mismatch error, so the javascript is blocked. As far as I can tell this is because a .cfm page is delivering js content (?)
Any suggestions how we can work around this?
Bah. Solved it. Posting a question often results in an immediate revelation :-).
In case others have a similar problem, I simply added
<cfcontent type="text/javascript">
to the .cfm file, which appears to have resolved it. Thanks for reading!
Copy link to clipboard
Copied
Bah. Solved it. Posting a question often results in an immediate revelation :-).
In case others have a similar problem, I simply added
<cfcontent type="text/javascript">
to the .cfm file, which appears to have resolved it. Thanks for reading!
Copy link to clipboard
Copied
Certainly handy. Thanks for sharing.