Open
Description
Bug description
Mime type inference failure for tensorboard javascript file served by application with a query parameter.
Expected behaviour
Tensorboard application running withing Notebook container should load without issues in browsers with the MIME Type verification security feature enabled i.e. resources are not loaded if the browser sniffed MIME type is different from the server advertised mime type.
https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/
Actual behaviour
JupyterHub proxy fails to infer mimetype of file such as index.js?_file_hash=8b6358c7 as text/javascript
How to reproduce
- Install tensorboard in jupyterhub with the proxy service running
- Run tensorboard using tensorboard --logdir training
- Server starts up on port 6006
- Visit the server using proxy via path proxy/6006/
- Tensorboard fails to load with this error
The resource from “[https://<user_hub_path>/proxy/index.js?_file_hash=8b6358c7”](https://<user_hub_path>/proxy/index.js?_file_hash=8b6358c7%E2%80%9D) was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff). 6006
Your personal set up
Zero-to-JupyterHub on EKS
- OS:
JupyterHub on EKS with Image built from Ubuntu 22.04 - Version(s):
JupyterHub : 3.11
Python : 3.10.6