krish7919 opened a new issue #15089:
URL: https://github.com/apache/superset/issues/15089


   A clear and concise description of what the bug is.
   
   1. I set up Superset without any auth and everything runs fine.
   2. Post this, I introduced a proxy in between which also handles auth. This 
proxy inserts the `X-Content-Type-Options: nosniff` header as is the standard 
way to force browsers to not interpret code.
   
   In scenario 2, in the browser (I have checked with Edge and Firefox), the 
content is not rendered, and the browser console shows the error `The resource 
from “https://X.Y.Z” was blocked due to MIME type (“text/html”) mismatch 
(X-Content-Type-Options: nosniff).`
   
   As per https://stackoverflow.com/a/53062522, we need to explicitly identify 
these sources and add the MIME types for them accordingly.
   
   #### How to reproduce the bug
   
   Add the `nosniff` option for the browser as a header and open superset on 
any of the browsers.
   
   ### Environment
   
   (please complete the following information):
   
   - superset version: `superset version`
   
   ```
   superset@a1df89430550:/app/superset$ superset --version
   Python 3.7.9
   Flask 1.1.2
   Werkzeug 1.0.1
   ```
   
   - python version: `python --version`
   
   ```
   superset@a1df89430550:/app/superset$ python --version
   Python 3.7.9
   ```
   
   - node.js version: `node -v`
   
   ```
   superset@a1df89430550:/app/superset$ node -v
   bash: node: command not found
   ```
   
   This is running in the official Superset container.
   
   ### Checklist
   
   Make sure to follow these steps before submitting your issue - thank you!
   
   - [x] I have checked the superset logs for python stacktraces and included 
it here as text if there are any. **Not applicable**
   - [x] I have reproduced the issue with at least the latest released version 
of superset.
   - [x] I have checked the issue tracker for the same issue and I haven't 
found one similar.
   
   ### Additional context
   
   Add any other context about the problem here.
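
An added example, not part of the issue and not Superset code: a sketch of the check browsers apply when `X-Content-Type-Options: nosniff` is present, following the Fetch standard's rule that script-like loads need a JavaScript MIME type and stylesheet loads need `text/css`. The hosts, paths and header values in `SAMPLE` are constructed; run it over the responses seen behind the proxy to list which ones a browser would block.

```javascript
// Added example: approximates the nosniff check from the Fetch standard.
// Every URL and header value in SAMPLE is constructed for illustration.
const JS_MIME = new Set([
  'application/ecmascript', 'application/javascript', 'application/x-ecmascript',
  'application/x-javascript', 'text/ecmascript', 'text/javascript',
  'text/javascript1.0', 'text/javascript1.1', 'text/javascript1.2',
  'text/javascript1.3', 'text/javascript1.4', 'text/javascript1.5',
  'text/jscript', 'text/livescript', 'text/x-ecmascript', 'text/x-javascript',
]);
const SCRIPT_LIKE = new Set(['script', 'worker', 'sharedworker', 'serviceworker',
  'audioworklet', 'paintworklet']);

// Case-insensitive header lookup in a plain object; null when absent.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]);
}

// MIME essence: "type/subtype" lowercased, parameters dropped; null if malformed.
function essence(contentType) {
  if (contentType === null) return null;
  const e = contentType.split(';')[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(e) ? e : null;
}

// Only the first comma-separated value of the header is considered.
function isNosniff(headers) {
  const v = header(headers, 'X-Content-Type-Options');
  return v !== null && v.split(',')[0].trim().toLowerCase() === 'nosniff';
}

// destination: how the page loads the resource ('script', 'style', 'image', ...).
function blockedByNosniff(destination, headers) {
  if (!isNosniff(headers)) return false;
  const mime = essence(header(headers, 'Content-Type'));
  if (SCRIPT_LIKE.has(destination)) return mime === null || !JS_MIME.has(mime);
  if (destination === 'style') return mime !== 'text/css';
  return false; // other destinations are not subject to this check
}

const NS = { 'X-Content-Type-Options': 'nosniff' };
const SAMPLE = [
  { url: 'https://superset.example/static/app.js', destination: 'script', headers: { ...NS, 'Content-Type': 'text/html; charset=utf-8' } },
  { url: 'https://superset.example/static/main.css', destination: 'style', headers: { ...NS, 'Content-Type': 'text/css; charset=utf-8' } },
  { url: 'https://superset.example/static/theme.css', destination: 'style', headers: { ...NS, 'Content-Type': 'text/plain' } },
  { url: 'https://superset.example/static/logo.png', destination: 'image', headers: { ...NS, 'Content-Type': 'text/html' } },
];
// URLs of the responses a browser would refuse to use.
function audit(responses) { return responses.filter(r => blockedByNosniff(r.destination, r.headers)).map(r => r.url); }
console.log(audit(SAMPLE));
```

A script or stylesheet URL that comes back as `text/html` is worth inspecting at the proxy: the body is an HTML page rather than the asset the page asked for.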
   

