Autocomplete API results are not using Content-Type "text/html" instead of "application/json"

  • 2
  • Problem
  • Updated 6 years ago
When using the Autocomplete API with Bootstrap's typeahead module and a JSONP call, my console logs fill up with these warnings:

Resource interpreted as Script but transferred with MIME type text/html: "http://autocomplete.wunderground.com/...".

There can be security issues with using the incorrect content-type. If an attacked is able to inject specific strings into the response, the browser will execute that response because it believes it to be an HTML page. Using the correct Content-Type header, application/json, avoids this issue.
Photo of wizdumb

wizdumb

  • 6 Posts
  • 0 Reply Likes

Posted 6 years ago

  • 2

Be the first to post a reply!