Tuesday, March 22, 2022

Content Sniffing in Web Development

While I was testing a piece of software, I needed to refresh JavaScript files based on a branch on GitHub. What I did was include the raw data of the file using raw.githubusercontent.com.

What I noticed is that the console started to display an error which reads:

The resource from “https://raw.githubusercontent.com/usernane/AJAXRequestJs/master/AJAXRequest.js” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).

What does this error mean and why did it appear? After doing a little research, I learned about a new concept called "Content Sniffing".

In a nutshell, content sniffing happens when a web browser changes the content type of a server response to a content type that it thinks is correct. For example, a server might send a JavaScript file with content type "text/plain". In this case, the browser will change the content type to "text/javascript" because the file smells like JavaScript, and makes it executable. This can lead to security issues if the file is user generated and can lead to attacks such as .

To make sure that the browser does not change the content type based on its smell, the server can send an HTTP header. The header has the name "X-Content-Type-Options", sent with the value "nosniff" as shown in the error above. The error that was appearing in the console was caused by this header. The GitHub server always sends this header whenever someone tries to get files using raw.githubusercontent.com.

To resolve my issue, I reverted back to jsDelivr. The CDN actually has a nice feature that I just got to know. It is possible to get files using a commit hash. Instead of using a branch name or tag after the @, simply add the hash of the commit.
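The check behind the console error above, as an added example that is not part of the original post: a simplified model of how a browser decides whether a script or stylesheet response must be blocked when the server sends nosniff. The function names, the destination strings and the sample headers are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): simplified model of the
// browser's nosniff check for script and stylesheet loads.

// MIME type essences that browsers accept as JavaScript.
const JS_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript", "text/javascript1.0",
  "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
  "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Lower-case header names so lookups are case-insensitive.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// "text/plain; charset=utf-8" -> "text/plain"; "" when the header is absent.
function mimeEssence(contentType) {
  return (contentType || "").split(";")[0].trim().toLowerCase();
}

// destination: "script" or "style" (names chosen for this sketch).
// Returns true when the response must be blocked instead of sniffed.
function blockedByNosniff(headers, destination) {
  const h = normalizeHeaders(headers);
  const nosniff = (h["x-content-type-options"] || "")
    .split(",")[0].trim().toLowerCase() === "nosniff";
  if (!nosniff) return false; // without the header the browser may sniff
  const essence = mimeEssence(h["content-type"]);
  if (destination === "script") return !JS_MIME_TYPES.has(essence);
  if (destination === "style") return essence !== "text/css";
  return false;
}

// Constructed sample responses; the first mirrors the console error above.
const samples = [
  [{ "Content-Type": "text/plain; charset=utf-8", "X-Content-Type-Options": "nosniff" }, "script"],
  [{ "Content-Type": "text/plain; charset=utf-8" }, "script"],
  [{ "Content-Type": "application/javascript", "X-Content-Type-Options": "nosniff" }, "script"],
];
for (const [headers, dest] of samples) {
  console.log(dest, headers["Content-Type"], "blocked:", blockedByNosniff(headers, dest));
}
```

A server that hosts user-generated files should send both a precise Content-Type and nosniff, so that an uploaded text file is never treated as a script.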

Friday, January 28, 2022

How to Change Document Root in WHM and cPanel for Specific Website

First, create a directory in your home directory. Give it the name 'backup'. Secondly, open the terminal in WHM. Then run the following command:

cp /var/cpanel/userdata/USERNAME/* /home/backup

Replace 'USERNAME' with the username of the cPanel user whose document root you would like to change. The command will simply copy all files in the directory "/var/cpanel/userdata/USERNAME" to the directory "/home/backup". The directory "/var/cpanel/userdata/USERNAME" contains configuration files for domains.

Suppose that the domain whose document root you want to change is 'example.com'. In this case, you need to open the files 'example.com' and 'example.com_SSL' and edit the document root using vim.

Finally, you need to run the following commands to restart Apache:

/scripts/updateuserdatacache
/scripts/updateuserdomains
cp /etc/apache2/conf/httpd.conf{,.bak-`date +%Y%m%d`}
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd

For more information, check here