Hi, On Thu, 18 Jan 2024, Georges Khaznadar wrote: > On Thu, 18 Jan 2024 13:55:20 +0100 Raphael Hertzog <hert...@debian.org> wrote: > > [...] reported here and that you can see here: > > https://hertzog.pages.debian.net/-/debusine/-/jobs/5153568/artifacts/docs/_build/html/index.html > > when I browse this URL with the debugger's console active, I see that: > > The resource from > “https://hertzog.pages.debian.net/javascript/normalize.css/normalize.css” was > blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: > nosniff). > > Probably, it the webserver is configured to serve normalize.css as MIME > type "text/css", the issue might be fixed.
No, this is unrelated. The URL you list is just not valid. This domain is managed by GitLab Pages and anything generated by the CI must be self-contained in https://hertzog.pages.debian.net/-/debusine/-/jobs/5153568/artifacts/ The fact that you have hardcoded an absolute link to "/javascript/normalize.css/normalize.css" (which might work on a default installation of a Debian server) means the resource is now looked up outside of its artifact directory, and there's just nothing there that can understand the purpose of its URL. You could have received an error 404 just as well but you got something else presumably because GitLab Pages has a number of hardening features to avoid malicious behaviour. Cheers, -- ⢀⣴⠾⠻⢶⣦⠀ Raphaël Hertzog <hert...@debian.org> ⣾⠁⢠⠒⠀⣿⡁ ⢿⡄⠘⠷⠚⠋ The Debian Handbook: https://debian-handbook.info/get/ ⠈⠳⣄⠀⠀⠀⠀ Debian Long Term Support: https://deb.li/LTS
