My webapp which logs in to my OneNote/OneDrive account via OAuth and the OneNote API has suddenly met a refusal from Chrome Stable 55 (same problem in Chrome Canary 58) (under Windows 10) with the following response in the console:
Refused to execute script from 'https://login.live.com/oauth20_authorize.srf?client_id=<xxx>&callback=jQuery...' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
There's been no change in any of my PHP authentication code, which has functioned fine for many months.
There's the same issue both with my localhost IIS server and remote Apache server.
I'd be very grateful for any suggestions.
[EDIT - 3 Feb 2017]
I've just met the same refusal again. Here's the full authorization URL (with the client_id blanked and the jQuery id shortened. The odd thing is that nothing in my code (adapted from the OneNote API PHP SDK example) adds the '&callback=jQuery' to the query string:
https://login.live.com/oauth20_authorize.srf?client_id=<XXX>&scope=wl.signin%2Cwl.basic%2Cwl.offline_access%2Coffice.onenote_update&response_type=code&redirect_uri=http%3A%2F%2Fleapmap.com%2Fleapmap%2Faccess.php&display=popup&locale=en&callback=jQuery213...
It would seem that the problem is the '&callback=jQuery...' But just how does it get appended to the query string???
I've tracked down the source of the refusal. On one particular path through the signin sequence, I was using jQuery to make an Ajax call to the MS login script, with a "jsonp" datatype. That was what was appending the '&callback=' to the query string and upsetting the MS login script. SOLUTION: Avoid using jQuery to make the Ajax call in this situation.