X-Content-Type-Options header blocks h5p scripts because of wrong MIME type
- After adding X-Content-Type-Options header with the nosniff option, scripts from the h5p plugin were blocked because of wrong MIME types
- Wordpress 4.9.5
- Chrome, Firefox
- H5P plugin Version 1.10.1
- InteractiveVideo 1.17
- Browser console errors:
Loading failed for the <script> with source “.../files/h5p/cachedassets/995b0307c8eeea52e64f45853a0ad7a842695b3d.js”.
Unable to find constructor for: H5P.InteractiveVideo 1.17 h5p.js:861:5
TypeError: instance is undefined
Refused to execute script from '.../files/h5p/cachedassets/7de4395….js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled
It seems that the h5p plugin doesn't work with my newly added X-Content-Type-Options header. I dont know if my webserver is misconfigured or the problem lies with h5p itself. Help would be much appreciated.