Hass

Reputation: 1636

Resource interpreted as Script but transferred with MIME type text/html superfish.com

I've started to notice this error in my Chrome dev tools. It appears after every HTTP request.

Resource interpreted as Script but transferred with MIME type text/html: "http://www.superfish.com/ws/sf_main.jsp?dlsource=diigo&userId=153ec8d45ab00bb0221c814e5d659bee"

I logged on to Superfish.com and I've not used any of their services to my knowledge.

What is this notice/error exactly and how do I fix/get rid of it?

Upvotes: 4

Views: 6720

Answers (3)

Rob W

Reputation: 349042

Superfish is adware, commonly bundled with existing Chrome extensions. You should look through your list of extensions and check whether there is any suspicious-looking extension.

Find and remove Superfish

  1. Locate your Chrome profile directory. The default locations are listed at User Data Directory on chromium.org.
  2. Go to the Default\Extensions subdirectory of your user profile (if you're using multiple Chrome profiles on your computer, "Default" might be something else).
  3. Search for "superfish", and you will quickly find a file that contains this phrase.
  4. Look at the path (e.g. C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcheapnmfbmcccnbjhhkmleoiljgpmkl\js\sf-inject.js) and copy that 32-character phrase.
  5. Go to the extensions page in your Chrome browser (chrome://extensions/).
  6. Search for the extension with the given ID, and remove it.

How to identify bad extensions

Now that you've removed it, you should take precautions to not get such extensions again. Fortunately, there are some indicators that you can use to spot such extensions:

  • They require the "Access your data on all websites" permission.
    Most extensions don't need this permission; be suspicious if you see it.
  • They are relatively popular (a few thousand users at minimum).
  • They are used for entertainment. In particular, if the extension "enhances" Facebook, you can almost be sure that it contains some form of malware.
  • Their descriptions look more like an advert than a neutral description of features.

If you know a bit about code, I recommend installing my Chrome extension source viewer for reviewing the source code of Chrome extensions before installing them.

Note that the non-existence of adverts is not a guarantee for adware-free extensions. If the extension requests lots of permissions and it is owned by a poor individual, then it has a high likelihood of being compromised (I was offered 10k $ per month for a popular extension with a few hundred thousand users. I resisted the offer, but I can imagine that many others do not).

To extension authors

If you are contacted by Superfish (or any other ad agency), reject the offer. Bundling adware without the user's consent is forbidden according to the Single Purpose policy.

An extension must have a single purpose that is narrow and easy-to-understand. Do not create an extension that requires users to accept bundles of unrelated functionality, such as an email notifier and a news headline aggregator. If two pieces of functionality are clearly separate, they should be put into two different extensions, and users should have the ability to install and uninstall them separately. For example, functionality that displays product ratings and reviews, but also injects ads into web pages, should not be bundled into a single extension. Similarly, toolbars that provide a broad array of functionality or entry points into services are better delivered as separate extensions, so that users can select the services they want.

Upvotes: 5
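Steps 2 to 4 of the answer above can be scripted. The following is an added example, not code from the answer: it walks an Extensions directory, finds files containing a phrase, and returns the 32-character extension IDs to look up on chrome://extensions/. The function names and the sample directory it builds are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

def find_extensions_containing(extensions_dir, phrase="superfish"):
    """Return {extension_id: [relative paths of files containing phrase]}."""
    needle = phrase.lower().encode()
    hits = {}
    root = Path(extensions_dir)
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        if not EXT_ID.match(ext_dir.name):
            continue  # not an extension folder
        for path in sorted(ext_dir.rglob("*")):
            if not path.is_file():
                continue
            try:
                data = path.read_bytes()
            except OSError:
                continue  # unreadable or locked file: skip it
            if needle in data.lower():  # case-insensitive byte search
                rel = path.relative_to(ext_dir).as_posix()
                hits.setdefault(ext_dir.name, []).append(rel)
    return hits

def build_sample_profile(base):
    """Constructed sample data: one flagged and one clean extension folder."""
    ext = Path(base) / "Default" / "Extensions"
    flagged = ext / "jcheapnmfbmcccnbjhhkmleoiljgpmkl" / "js"
    clean = ext / ("a" * 32) / "js"
    flagged.mkdir(parents=True)
    clean.mkdir(parents=True)
    (flagged / "sf-inject.js").write_text(
        'var src = "http://www.superfish.com/ws/sf_main.jsp";')
    (clean / "background.js").write_text("console.log('hello');")
    return ext

if __name__ == "__main__":
    # Replace the sample directory with the real Default/Extensions path.
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample_profile(tmp)
        for ext_id, files in find_extensions_containing(sample).items():
            print(ext_id, files)
```
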

Do you use the Better History Manager extension? The error disappeared when I disabled it.

Upvotes: 0

George

Reputation: 6084

I had the same problem - spent hours debugging and adding these to .htaccess but it didn't work:

AddType application/x-javascript .js
AddType text/css .css 
AddType text/javascript .js
AddType text/css .css
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
AddType application/woff .woff
AddType font/woff .woff
AddType font/opentype .woff
AddType application/x-font-woff .woff
AddType application/vnd.ms-fontobject .eot
AddDefaultCharset UTF-8
Options -Indexes

When I finally found the issue, I realized that while localhost worked, the server did not accept the path

\js\prettyPhoto\js\jquery.prettyPhoto.js

instead of

\js\prettyphoto\js\jquery.prettyPhoto.js

The CAPITAL p was making all those errors!

Upvotes: 0
