Chrome 浏览器出现 “Refused to execute script from” 的正确对应方法?


用Chrome浏览网站,执行一个javascript时,出现如下错误:


 Refused to execute script from 'http://mysite.com/info?no=31&magic=9543' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

其他浏览器,如火狐就没问题。

在StackOverflow上得知的一种简单方式是设置 HTTP header X-XSS-Protection:


 X-XSS-Protection: 0

http://stackoverflow.com/questions/1547884/refused-to-execute-a-javascript-script-source-code-of-script-found-within-reque

这是最好的解决办法吗?

安全 JavaScript xss chrome firefox

LTsir 10 years, 3 months ago

Your Answer