I am making a jsonp call as below .Its a cross domain call Which works fine in FF but in IE9 it fails and I see following message in IE .
SEC7112: Script from http://site.com/a.jsp was blocked due to mime type mismatch
I saw this article http://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx where it says it will ignore response with No-Sniff response. So that header depends on server ? How do I fix it ? Is there any workaround ?
$.ajax({ type: 'POST',
url: 'http://www.othersite.com/index.jsp',
data: 'action=delete&id=121',
contentType: 'application/javascript',
dataType: 'jsonp',
success: function(data) {
alert(data.fromname);
}
As the error in MSDN says:
SCRIPT and STYLESHEET elements will reject responses with incorrect MIME types if the server sends the response header X-Content-Type-Options: nosniff. This is a security feature that helps prevent attacks based on MIME-type confusion.
try sending the "X-Content-Type-Options: nosniff" in the server side of your page, if this does not works with ie, you just need to touch the www.othersite.com server headers.
ie sometimes is a headache.