I’m trying to serve a CSS file from my Gitea to load it as custom theme in some app. So I grabbed the raw version of the CSS file.
Problem is, the file is served as Content-Type: text/plain and this trigger an exception in Firefox in my app because it expects Content-Type: text/css
The resource from "https://domain.tld/gitea/Owner/Repo/raw/branch/master/default_style.css" was blocked due to MIME type mismatch (X-Content-Type-Options: nosniff).
Could Gitea handle this, and change the header according to the file extension ?
This is for security reasons, otherwise someone could perform an XSS attack. I recommend adding in your CSS into your public folder and the correct mime type will be used.
In terms of github they do use a different domain, which provides some protection, and you could do that, but it is out of scope of advice we could provide (we don’t want to lead you astray and provide advice that could potentially harm), as we recommend using the approach in the linked document.