IE9 script response blocked due to mime type mismatch
I use the following code snippet to load data from google fusion table as json.
var fileref = document.createElement("script");
fileref.setAttribute("type", "text/javascript");
fileref.setAttribute("src", "http://tables.googlelabs.com/api/query?sql=select * from 588320&hdrs=false&jsonCallback=LoadTable");
Works great in IE8, FF, Chrome, but now IE9 doesn't know how to handle the callback because the response and mime types don't match. IE9 reports the following script error when using jsonCallback param because it doesn't like the mime type.
SEC7112: Script from http://tables.googlelabs.com/api/query?sql=select * from 588320&hdrs=false&jsonCallback=LoadTable was blocked due to mime type mismatch.
Is there a workaround short of me having to host the src locally (or am I doing something wrong)?
Response Headers
Content-Type text/plain; charset=UTF-8
Content-Encoding gzip
Transfer-Encoding chunked
Date Fri, 13 May 2011 02:19:11 GMT
Expires Fri, 13 May 2011 02:19:11 GMT
Cache-Control private, max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
Server GSE
Request Headers
Host tables.googlelabs.com
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-us,en;q=0.5
Accept-Encoding gzip, deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
Cache-Control max-age=0
Answer
The problem is that Google is sending an X-Content-Type-Options: nosniff declaration and returning a JavaScript file without a JavaScript MIME type. This can only be fixed by either removing the nosniff declaration or by fixing the MIME type to indicate that the file is, in fact, script.
I've sent mail to Google about this one.