X-Content-Type-Options=nosniff header breaks Public webApp

X-Content-Type-Options=nosniff header breaks Public webApp

Issue

Customers have added security headers to their SSL Offloading appliance to meet new security standards.  Now when launching a Public webApp, instead of the application properly launching the browser just displays the HTML code.



Solution

We've found that the X-Content-Type-Options=nosniff header is the root of the issue.

Currently the Public webApp type does not set a MIME type.  Thus when you tell the browser not to sniff the HTML for the MIME type it has no idea what to do, and just displays the HTML.

We are recommending not to set that security header if you are using Public webApps on your system.  Once we update the Public webApp code to set the MIME type, we will update this article.
    • Related Articles

    • Using a http header to wipe out Content Security Policy

      Sometimes a developer adds a Content Security Policy to their page defining what 3rd party sites it will accept data from.  This will cause a problem when webNetwork tries to inject its .JS code to do the SSO process. To get around this for a virtual ...
    • Enable X-Forwarded-For header on a KEMP LoadMaster

      Question: I have my UW relays behind a KEMP LoadMaster.  When I use Web Monitor (with a column added for ipAddress) to see active user sessions, I see all the users coming from the LoadMaster's IP address. Solution: The Virtual Service for your UW ...
    • Pearson SAML webApp requires Identity as of 6.4.x.x

      Issue: The customer has a Pearson SAML webApp. After upgrading to 6.4.x.x, users receive the following error when clicking on the Savvas Learning Company (formerly Pearson K12 Learning) webApp tile: HTTP ERROR 500 Problem accessing ...
    • Change NTLM Authentication type

      How can I change the NTLM authentication type on my windows box ? Update 10-31-2014 : webNetwork 6.2.1.182 and higher works much better with NTLM V2 and the change below should not be needed anymore.  It is still provided here just in case a customer ...
    • Performance issues with webRDP clients accessing Flash content

      Are there performance issues with using a Terminal Server webapp to access a Flash based content? We've found the graphics refreshing with the Flash content is not smooth when using the web based clients.  webRDP HTML5 and webRDP Java clients are the ...
    • Popular Articles

    • Old Browser Versions

      Question: I am using an older browser version and am having problems. What can be done ? We are not able to upgrade the browser at this time.   This is a challenge for any company that makes software that utilizes a browser. Since Stoneware does not ...
    • LCS Redirection

      Problem: How to redirect the LCS in an environment with multiple LCSs and students connecting to them. Solution(s): Create an allow.cfg on all LCS(s) (including the Master) in the network, however, even if no allow.cfg is present on an LCS, machines ...
    • Time windows allows for Service Shutdown

      Issue: Can the time windows gives a service to shut down before it kills the service be increased? Solution: Yes, the following information comes from the Microsoft URL : http://support.microsoft.com/kb/146092 To specify the wait time, do the ...
    • How to disable password saving - Internet Explorer

      Having multiple methods for saving a password in the browser can cause confusion for the user.   To disable password saving in Internet Explorer, launch Internet Explorer and perform the following steps. Click the blue Settings menu icon in the upper ...
    • How to disable password saving - Chrome

      Having multiple methods for saving a password in the browser can cause confusion for the user.  To disable password saving in Chrome, launch Chrome and perform the following steps. Click the Chrome menu button in the upper right corner of the Chrome ...
    • Recent Articles

    • Lenovo Unified Workspace 7.0.0.63 Released

      Highlights of Unified Workspace 7.0.0.63 If you need assistance with your update, please e-mail support at support@lenovosoftware.com or visit https://unifiedworkspace.com/support/ for more information. Below is a list of enhancements and fixes for ...
    • How to fix customized login and profile after upgrading to v7.0

      With the release of 7.0 the default login page has been modified to simplify the customization process.  If you are having an issue with the login page not displaying, after upgrading to v7.0, you will need to delete the custom CSS code and start ...
    • SAML SP - Sync Directory Password

      Login script to prompt for directory password Since the user does not login into Unified Workspace with a password, we cannot capture the password to use in the @@password@@ variable.  If you would like to use the Active Directory password for other ...
    • MySQL 8 SSL

      Issue Admin is making a database connection to a MySQL 8 database.  When clicking the Ping button on the DB Connection object, the following error is presented: WARN: Establishing SSL connection without server's identity verification is not ...
    • 7.0 excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file

      excludeProtocols - includeProtocols - allowCiphers - denyCiphers config file The following configuration is recommended for systems running 7.0.0.63, and higher. (For older 6.5 releases of UW, please see this article.) ...