Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Member

401 Errors and X-Content-Type: nosniff issues

Sometime early in 2019, it seems that Canvas made an update to some server settings that had some breaking changes in the way I embed lessons. I've tried my best to update my code to make it "compliant," but nothing seems to be working.

Currently, I write my lessons and content using HTML/CSS/JS, then I upload my files to the Canvas file system and I iframe them into assignments. I've been doing this method for about 3 years, but sometime in January-February, my content stopped displaying as it had in the past.

Using desktop Chrome and Firefox (any version up to and included current versions), I have no issues with how the content is being displayed. Switch to desktop Safari, or mobile (iOS - not sure about Android) Chrome/Firefox/Safari, and this is where my issues are seen.

I'm getting a bunch of "Failed to load resource: the server responded with a status of 401 ()" errors and "Refused to execute [JS FILE] as script because "X-Content-Type: nosniff" was given and its Content-Type is not a script MIME type."

Searching around the internet for remedies of this error hasn't produced any results. The biggest response I keep seeing is make sure to declare the MIME type when linking in css/js files. I've given that a try on multiple occasions with multiple files, but I haven't had any success.

Has anyone else seen this newer behavior or could anyone guide me on how to address the issue?

0 Kudos
2 Replies
New Member

I have this happening as well. I uploaded a gallery consisting of images, HTML, CSS, and some JavaScript. The page used to display fine, but now I get an error for each image that says "Failed to load resource: the server responded with a status of 401 ( )". I know the images are in the course because if I go into the source and click on the URL for the image, it downloads to my computer. Did you ever find a fix for this problem?

Unfortunately not :-/. I tried so many iterations over the past year and I haven't been able to find a solution. I think I even asked it over on the developer github page but no responses or solutions. Changing and/or adjusting the mime type on the js doesn't do anything. It has to be something related to a change in their content security policy because I used to have no problems. It's not related to an iOS or Safari version either because it just happened out of the blue with no iOS or Safari releases, and it's isolated specifically to Canvas. Personally, I don't think Canvas properly implemented a change in their content security policy, but that's just speculation based on my observations of the issue. I'm just surprised that it isn't showing up in a more wide-spread way. There has to be more instances of this out there in the wild.