JavaScript: because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled


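I am building a Spring MVC application, using Spring Security and Bootstrap in my HTML files (JSP).

I am currently trying to fix the following error in the application:

"Refused to execute script from '' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled." (the login page of the application)

The error message above is from the Chrome developer console.

Here is the basic configuration: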

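import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Users and roles are looked up in the database through JDBC.
    @Autowired
    protected void globalConfig(AuthenticationManagerBuilder auth, DataSource dataSource) throws Exception {
        //auth.inMemoryAuthentication().withUser("user").password("123").roles("USER");
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            //.passwordEncoder(passwordEncoder()) decrypt password
            .usersByUsernameQuery("select username as principal, password as credentials, etat as actived from utilisateurs where username=?")
            .authoritiesByUsernameQuery("select u.username as principal, ur.nom_role as role from utilisateurs u inner join roles ur on(u.roles_id=ur.id_role) where u.username=?")
            .rolePrefix("ROLE_");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

    // Requests under /resources/** bypass the Spring Security filter chain.
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .sessionManagement().maximumSessions(100).maxSessionsPreventsLogin(false).expiredUrl("/Login");
        http
            .authorizeRequests()
            // Static assets and views are reachable without authentication.
            .antMatchers("/images/**", "/pdf/**", "/Template/**", "/Views/**", "/MainApp.js", "/css/**", "/js/**").permitAll()
            .antMatchers("/Users/**").access("hasRole('ADMIN')")
            .antMatchers("/Login").anonymous()
            .anyRequest().authenticated()
            .and()
            .exceptionHandling().accessDeniedPage("/403")
            .and()
            .formLogin().loginPage("/Login").permitAll()
            .defaultSuccessUrl("/")
            .failureUrl("/Login?error=true")
            .and()
            .csrf()
            .and()
            .rememberMe().tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(360000);
    }

    @Autowired
    DataSource dataSource;

    // Remember-me tokens are persisted in the database.
    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        JdbcTokenRepositoryImpl db = new JdbcTokenRepositoryImpl();
        db.setDataSource(dataSource);
        return db;
    }

}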
-APPConfigurationApplication.java

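import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ImportResource;
// SpringBootServletInitializer must also be imported; its package depends on the Spring Boot version.

@SpringBootApplication
@ComponentScan
@ImportResource("SpringBeans.xml")
public class APPConfigurationApplication extends SpringBootServletInitializer {

    // Used when the application is deployed as a WAR in a servlet container.
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(APPConfigurationApplication.class);
    }

    public static void main(String[] args) {
        SpringApplication.run(APPConfigurationApplication.class, args);
    }
}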
-MvcConfig.java

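import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.DefaultServletHandlerConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class MvcConfig extends WebMvcConfigurerAdapter {

    // Forward requests the DispatcherServlet cannot handle to the container's default servlet.
    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }
}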
-Here are the response headers of the request:

Request URL:http://localhost:8080/App/Login
Request Method:GET
Status Code:200
Remote Address:[::1]:8080
Referrer Policy:no-referrer-when-downgrade

Response Headers
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Content-Language:fr-FR
Content-Length:4289
Content-Type:text/html;charset=UTF-8
Date:Tue, 09 May 2017 09:18:15 GMT
Expires:0
Pragma:no-cache
X-Content-Type-Options:nosniff
X-Frame-Options:DENY
X-XSS-Protection:1; mode=block

Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4
AlexaToolbar-ALX_NS_PH:AlexaToolbar/alx-4.0.1
Cache-Control:max-age=0
Connection:keep-alive
Cookie:JSESSIONID=6DDBA94C937FADFB889C8CFDDD9E47A3
Host:localhost:8080
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
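However, this error only occurs the first time the application is opened in the browser. Once I go ahead and log in, and then return to the login page again, the error does not occur.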

Edit1:

-Web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
  <display-name>Audit_Configuration</display-name>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>

  <servlet>
    <servlet-name>DefaultServlet</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
  </servlet>

  <!-- DEFAULT -->
  <servlet-mapping>
    <servlet-name>DefaultServlet</servlet-name>
    <url-pattern>/Template/css/*</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>js</servlet-name>
    <url-pattern>/Template/js/*</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>DefaultServlet</servlet-name>
    <url-pattern>/images/*</url-pattern>
  </servlet-mapping>

  <servlet-mapping>
    <servlet-name>DefaultServlet</servlet-name>
    <url-pattern>/pdf/*</url-pattern>
  </servlet-mapping>

</web-app>

Here are my files in "static":


How do I have to configure Spring Security to load the css/js files from my /static resources directory?

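The solution is to add the following code to the web.xml file:

<servlet>
  <servlet-name>js</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>js</servlet-name>
  <url-pattern>*.js</url-pattern>
</servlet-mapping>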

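Take a look at this.

Thanks for your reply @Jayesh. I tried configuring the web.xml file like the one in the link, but I still have the same problem: code JS for css instead of JS does not work (use a different servlet name)

I changed the name: js /Template/js/* and I have a problem: Refused to execute script from 'http://localhost:8080/App/Template/js/modernizer.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled. Other JS files

Say you are using Apache Tomcat as the web container, then add these lines in web.xml:

<servlet>
  <servlet-name>js</servlet-name>
  <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>js</servlet-name>
  <url-pattern>*.js</url-pattern>
</servlet-mapping>

Here it is for .js files; you can do the same for .css/.jpeg/any other file extension except the ones you specified on the view resolver (i.e. .jsp).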