On one of my workstations I am unable to display the Auth0 support screen. When I try to go to the page, the browser window appears empty, but in the browser console I see messages about unuspported MIME types and Content Security Policy errors.
I am able to connect to the main management console, and I am able to connect to support from a remote workstation so it’s not a major issue, but seemed odd enough to mention to people.
All of the files in the response received favorable response codes (200 or 204).
The only anomalies were a few files that, while they had internal response code of 200, also showed error messages in the browser console saying:
The resource from “Auth0 Support Center was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff)
The resource from “Auth0 Support Center was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
The resource from “Auth0 Support Center was blocked due to MIME type (“text/html”) mismatch (X-Content-Type-Options: nosniff).
There was also another error message in the console logs that said:
Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). [NOTE: this was in reference to file “gtm.js”]
Content-Security-Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
NOTE: I can’t be sure, but I have a sneaking suspicion that this issue is related to some over-zealous security measures that my local network group has imposed. Where nobody else seems to recognize this symptom I’ve reached out to them to check.
Refused to apply style from ‘https://support.auth0.com/main.70a5d36f7821d19b8f34.css’ because its MIME type (‘text/html’) is not a supported stylesheet MIME type, and strict MIME checking is enabled. Auth0 Support Center Refused to execute script from ‘https://support.auth0.com/main.6f1dbbdee2d0d6f2fd22.js’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled.
injected.js:4 Retrieving “b5x-stateful-inline-icon” flag errored: timed out - falling back
qy @ injected.js:4
Show 1 more frame
Show less
gtm.js?id=GTM-TH3QT4KC:497 Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’ ‘unsafe-eval’ https://script.hotjar.com ‘nonce-LdW/ekD8QIHpuZJ5fDxAQg==’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-HtjwyU/hmXhqe1odX4Sz4tvfdgh4h5NcSNwQK92jMjU=’), or a nonce (‘nonce-…’) is required to enable inline execution.
(anonymous) @ gtm.js?id=GTM-TH3QT4KC:497
inject.bundle.js:155 quill Overwriting formats/image with class oD extends om{static create(eo){let eu=super.create(eo);return eu.setAttribute(“style”,“max-width: 100%”),eu}}
ey @ inject.bundle.js:155
Show 1 more frame
Show less
inject.bundle.js:155 quill Overwriting formats/background with eu
ey @ inject.bundle.js:155
Show 1 more frame
Show less
inject.bundle.js:155 quill Overwriting formats/direction with eu
ey @ inject.bundle.js:155
Show 1 more frame
Show less
14Third-party cookie will be blocked. Learn more in the Issues tab. Auth0 Support Center Unchecked runtime.lastError: The message port closed before a response was received. Auth0 Support Center Refused to apply style from ‘https://support.auth0.com/main.70a5d36f7821d19b8f34.css’ because its MIME type (‘text/html’) is not a supported stylesheet MIME type, and strict MIME checking is enabled. Auth0 Support Center The resource https://cdn.auth0.com/website/fonts/SpaceGrotesk-SemiBold.woff2 was preloaded using link preload but not used within a few seconds from the window’s load event. Please make sure it has an appropriate as value and it is preloaded intentionally. Auth0 Support Center Unchecked runtime.lastError: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received
inject.bundle.js:1953 Uncaught (in promise) TypeError: Cannot destructure property ‘json’ of ‘eu’ as it is undefined.
at inject.bundle.js:1953:190358
(anonymous) @ inject.bundle.js:1953
Show 1 more frame
Show less
Yep, we are having exactly the same problem. Tried my laptop, phone, and iPad, same issue. However, my team mates from eastern Europe and Central US don’t see any issues