Content-Type does not match raw filetype

Install/Maintain/Configure
1

Hi,

I’m trying to serve a CSS file from my Gitea to load it as custom theme in some app. So I grabbed the raw version of the CSS file.
Problem is, the file is served as Content-Type: text/plain and this trigger an exception in Firefox in my app because it expects Content-Type: text/css

The resource from "https://domain.tld/gitea/Owner/Repo/raw/branch/master/default_style.css" was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).

Could Gitea handle this, and change the header according to the file extension ?

I use the Yunohost package, so Gitea is behind Nginx.

2

This is for security reasons, otherwise someone could perform an XSS attack. I recommend adding in your CSS into your public folder and the correct mime type will be used.

3

Thanks for your answer.

What do you mean a “public folder” ? My repo is public. You mean I should host it as a website using Nginx or something ?

Github is doing it with github.io (like that). Can Gitea host static pages the same way ?

4

This is what I mean by “public folder”: https://docs.gitea.io/en-us/customizing-gitea/#serving-custom-public-files

In terms of github they do use a different domain, which provides some protection, and you could do that, but it is out of scope of advice we could provide (we don’t want to lead you astray and provide advice that could potentially harm), as we recommend using the approach in the linked document.