@julian said in browser console errors after v1.6.0 upgrade:
X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the
Content-Type headers should not be changed and be followed. This allows to opt-out of MIME type sniffing, or, in other words, it is a way to say that the webmasters knew what they were doing.
... :trollface: (emphasis mine)
As @pitaj issued it, we'll track its fix, but as
X-Content-Type-Options is not likely to be used extensively, there's no need to prioritise this issue for backport into
v1.6.x. However when resolved, you can easily cherry-pick the fix into your existing installation.
I'm super paranoid and like following the theoretical best practices, but as you can see by the content security policy in my nginx config, it isn't always possible. Stupid real world not lining up with my perfect world expectations!
@pitaj said in browser console errors after v1.6.0 upgrade:
@teh_g I do admit I didn't check if it would work, you probably actually need
This mostly works now. The admin page still had some issues, but at least the user section is good! I will keep strict checking disabled for the time being