Icons / images not loaded in IE after adding "X-Content-Type-Options: nosniff" in the web.config file

I use the ASP.NET platform to create a web page. Inside the page, I used several images / icons. For security reasons, I used "X-Content-Type-Options: nosniff" in the web.config file. When I deploy a webpage in IE, some images / icons are not displayed. But the same page works fine in Firefox and Chrome.

When I remove the "X-Content-Type-Options: nosniff" statement from web.config, everything works fine in IE. But for security purposes I have to use this expression. At the same time, missing images / icons should be displayed in IE.

So, can anyone help me solve this problem with the instruction "X-Content-Type-Options: nosniff"?

Thanks in advance,

+6
2 answers

Nosniff applies only to the types "script" and "style". Also, applying nosniff to images turned out to be incompatible with existing websites.

So, "X-Content-Type-Options: nosniff" circumvents the problem for images, and here comes the browser role, which cannot display the image if the type mentioned by the server does not match the actual file extension.

Refer to: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options .

and this: https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx

0

IE uses MIME information to determine how to process files sent by the web server. For example, when Windows Internet Explorer receives a .jpg file, the user sees the file in a Windows Internet Explorer window. The MIME Processing Restrictions feature helps prevent script attacks on web servers by ensuring that any content that comes with IMAGE MIME is not processed as HTML or XML.

https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/dd565640(v=vs.85)

0
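
An added example, not part of the question or either answer: a small audit that compares each image response's declared Content-Type with the file's magic bytes, to list the images that rely on MIME sniffing and are therefore the ones to check when they stop rendering under nosniff. The paths, headers and byte strings in `SAMPLE` are constructed for illustration.

```python
# Magic-byte signatures for common web image formats.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\x00\x00\x01\x00", "image/x-icon"),
    (b"BM", "image/bmp"),
]
# Declared types accepted as equivalent to the detected one.
ALIASES = {
    "image/x-icon": {"image/x-icon", "image/vnd.microsoft.icon"},
    "image/jpeg": {"image/jpeg", "image/pjpeg"},
}

def detect_image_type(head):
    """Return the MIME type implied by the leading bytes, or None."""
    for magic, mime in SIGNATURES:
        if head.startswith(magic):
            return mime
    if head[:4] == b"RIFF" and head[8:12] == b"WEBP":  # RIFF container
        return "image/webp"
    return None

def normalize(content_type):
    """Lower-case the header value and drop parameters such as charset."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def audit(responses):
    """Return (path, declared, detected) for every mismatched image."""
    findings = []
    for path, content_type, head in responses:
        detected = detect_image_type(head)
        if detected is None:
            continue  # not a recognised image format; out of scope here
        declared = normalize(content_type)
        if declared not in ALIASES.get(detected, {detected}):
            findings.append((path, declared or "(missing)", detected))
    return findings

# Constructed sample: (request path, Content-Type header, first body bytes).
SAMPLE = [
    ("/img/logo.png", "image/png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("/img/arrow.png", "image/gif", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("/favicon.ico", "text/plain", b"\x00\x00\x01\x00\x01\x00\x10\x10"),
    ("/img/photo.jpg", "image/jpeg; charset=binary", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("/img/bullet.gif", None, b"GIF89a\x01\x00\x01\x00"),
]

if __name__ == "__main__":
    for path, declared, detected in audit(SAMPLE):
        print(f"{path}: served as {declared}, content is {detected}")
```
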