Python Flask - Error: "Failed to load module script. Strict MIME type checking is enforced". Works on production, not on the local server

The problem is caused by how Flask guesses the content type of each static file. To do that, Flask imports mimetypes and calls mimetype, encoding = mimetypes.guess_type(download_name)

This module creates a database of known MIME types from several sources and uses it to return the MIME type.

Under Linux and macOS, mimetypes.py looks inside these files:

knownfiles = [
    "/etc/mime.types",
    "/etc/httpd/mime.types",                    # Mac OS X
    "/etc/httpd/conf/mime.types",               # Apache
    "/etc/apache/mime.types",                   # Apache 1
    "/etc/apache2/mime.types",                  # Apache 2
    "/usr/local/etc/httpd/conf/mime.types",
    "/usr/local/lib/netscape/mime.types",
    "/usr/local/etc/httpd/conf/mime.types",     # Apache 1.2
    "/usr/local/etc/mime.types",                # Apache 1.3
    ]

But under Windows it looks inside the registry:

with _winreg.OpenKey(_winreg.HKEY_CLASSES_ROOT, '') as hkcr:
    for subkeyname in enum_types(hkcr):
        try:
            with _winreg.OpenKey(hkcr, subkeyname) as subkey:
                # Only check file extensions
                if not subkeyname.startswith("."):
                    continue
                # raises OSError if no 'Content Type' value
                mimetype, datatype = _winreg.QueryValueEx(
                    subkey, 'Content Type')
                if datatype != _winreg.REG_SZ:
                    continue
                self.add_type(mimetype, subkeyname, strict)
        except OSError:
            # Subkey has no 'Content Type' value; skip it
            continue

So to fix the problem of Flask thinking that the .js file was actually text/plain, all that's necessary is to open regedit and adjust this registry key to application/javascript:

regedit
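
The following is an added example, not part of the original answer and not Flask's own code: it reproduces the mis-mapping with the standard-library `mimetypes` database, audits which static scripts a browser's strict module MIME check would block, and pins `.js` in the application instead of relying on the host's registry. The helper names `simulated_windows_db`, `audit_static_types` and `pin_script_types` are hypothetical, and the `text/plain` entry and file names are constructed to mimic the situation described above.

```python
import mimetypes

# JavaScript MIME type essences from the WHATWG MIME Sniffing standard.
# Browsers refuse <script type="module"> responses whose type is not one of these.
JS_MIME_TYPES = frozenset({
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/javascript1.0",
    "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
    "text/javascript1.4", "text/javascript1.5", "text/jscript",
    "text/livescript", "text/x-ecmascript", "text/x-javascript",
})


def simulated_windows_db():
    """Constructed stand-in for a host whose registry maps .js to text/plain."""
    db = mimetypes.MimeTypes()
    db.add_type("text/plain", ".js")
    return db


def audit_static_types(db, filenames):
    """Return {filename: guessed type} for .js files a browser would block as modules."""
    blocked = {}
    for name in filenames:
        if not name.lower().endswith(".js"):
            continue
        guessed, _encoding = db.guess_type(name)
        if guessed is None or guessed.lower() not in JS_MIME_TYPES:
            blocked[name] = guessed
    return blocked


def pin_script_types(db):
    """Override whatever the host database says for .js."""
    db.add_type("application/javascript", ".js")


if __name__ == "__main__":
    files = ["interval_table.js", "style.css"]  # constructed sample names
    db = simulated_windows_db()
    print("before:", audit_static_types(db, files))
    pin_script_types(db)
    print("after: ", audit_static_types(db, files))
```

Both helpers also accept the `mimetypes` module itself in place of a `MimeTypes` instance, so calling `pin_script_types(mimetypes)` at application startup applies the override to the global database that `mimetypes.guess_type` consults.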


I'm having similar trouble around a .js export class which contains a vanilla js web component with an integrated template, itself having jinja2 escape sequences. So, you may not get the same error with the first script statement using url_for as I did.

This appears to load as no error is raised by the templating engine...

<script type="module" src="{{ url_for('static', filename='interval_table.js') }}"></script>

... but Firefox console reports error: Loading module from “http://127.0.0.1:8000/static/interval_table.js” was blocked because of a disallowed MIME type (“application/json”). https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

I thought to get around the json error with the following, but it results in a jinja2 error, could not create endpoint:

<script type="module" src="{{ url_for('auth/interval_table.js') }}"></script>

This doesn't look like a CORS issue, and lots of digging has yielded no results. A new question may be necessary.