From 1ee49791f456668709f4cb078011d47df21f58a8 Mon Sep 17 00:00:00 2001 From: Juan Orti Alcaine Date: Sat, 8 Feb 2025 17:29:02 +0100 Subject: [PATCH] Remove duplicated 'charset' in Content-Type header for Javascript files Javascript files are served over HTTP with an incorrect Content-Type header because the 'charset' option is duplicated: $ curl -I http://127.0.0.1:8083/static/js/table.js HTTP/1.1 200 OK Content-Disposition: inline; filename=table.js Content-Type: text/javascript; charset=UTF-8; charset=utf-8 Content-Length: 35967 Last-Modified: Sat, 16 Nov 2024 06:21:28 GMT Cache-Control: no-cache ETag: "1731738088.0-35967-471731799" Date: Sat, 08 Feb 2025 16:30:42 GMT Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data:; object-src 'none'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Strict-Transport-Security: max-age=31536000 This header is not RFC 1521 compliant and it's breaking some reverse proxy setups that perform compression. See this bug for reference: https://github.com/crocodilestick/Calibre-Web-Automated/issues/217 --- cps/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cps/__init__.py b/cps/__init__.py index 526d431f..5d870bf6 100644 --- a/cps/__init__.py +++ b/cps/__init__.py @@ -77,7 +77,7 @@ mimetypes.add_type('audio/ogg', '.ogg') mimetypes.add_type('application/ogg', '.oga') mimetypes.add_type('text/css', '.css') mimetypes.add_type('application/x-ms-reader', '.lit') -mimetypes.add_type('text/javascript; charset=UTF-8', '.js') +mimetypes.add_type('text/javascript', '.js') mimetypes.add_type('text/rtf', '.rtf') log = logger.create()