[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hosting Emulator does not return Content-Type header for firebase .js plugins #3041

Closed
davidbielik opened this issue Jan 14, 2021 · 2 comments · Fixed by #3042
Closed

Hosting Emulator does not return Content-Type header for firebase .js plugins #3041

davidbielik opened this issue Jan 14, 2021 · 2 comments · Fixed by #3042
Assignees
@bkendall

Comments

@davidbielik
Copy link
Contributor
davidbielik commented Jan 14, 2021
edited
Loading

[REQUIRED] Environment info

firebase-tools:
9.2.0

Platform:
macOS

[REQUIRED] Test case

  1. Unzip, and run firebase emulators:start --only hosting --project your-project-id from within the directory
  2. Load http://localhost:5000/
  3. The page will either load the firebase libraries (expected) or fail to load the libraries (actual)

firebase-issue-3041.zip

[REQUIRED] Steps to reproduce

  1. Make index.html which contains:
<script src="/__/firebase/8.2.2/firebase-app.js"></script>
<script src="/__/firebase/8.2.2/firebase-analytics.js"></script>
<script src="/__/firebase/init.js"></script>
  1. In your firebase.json config, add the following header:
{
    "key": "X-Content-Type-Options",
    "value": "nosniff"
}
  1. Start the hosting emulator:
firebase emulators:start --only hosting
  1. Inspect the HTTP response headers for those .js files

[REQUIRED] Expected behavior

The .js files return a Content-Type: application/javascript response header

[REQUIRED] Actual behavior

The .js files do not return any Content-Type header.

This is an issue when using the X-Content-Type-Options: nosniff header, since the browser will refuse to infer a Content Type, thereby not executing the firebase scripts.

Refused to execute script from 'http://localhost:5000/__/firebase/8.2.2/firebase-analytics.js' because its MIME type ('') is not executable, and strict MIME type checking is enabled.

This does not seem to happen in production and only affects the emulator's response of these firebase scripts (/__/firebase/$version/$library.js)
@bkendall bkendall self-assigned this Jan 14, 2021
@bkendall bkendall mentioned this issue Jan 14, 2021
Merged
@bkendall
Copy link
Contributor

Looks like we're not passing through those headers. request used to do this for us, but we've moved to a new library which does not. PR is out to fix.

@davidbielik davidbielik mentioned this issue Jan 17, 2021
Closed
@jamestwebber
Copy link

I think I have a similar error, but not for a firebase script. I am trying to adapt this guide to serving a static site with a Firebase app, so that I can keep it behind Google auth. That page is from a few years ago so I had to update a few things (I'm also not sure it was totally working as published).

So I'm trying to create a static site with mkdocs, stick the static site in a bucket, and then serve it behind a Firebase function that checks for proper auth. The site includes some javascript for search and things, and I see this error in the console (which I believe is also preventing me from deploying)

Refused to execute script from 'http://localhost:5000/search/lunr.js' because its MIME type ('') is not executable.

There are probably work-arounds to this for my particular situation (e.g. it just occurred to me that I can keep most of these files public, I only need to keep content protected). But might be a similar bug?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bkendall bkendall

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pass through headers on sdk responses firebase/firebase-tools
3 participants
@bkendall @jamestwebber @davidbielik