notebook 5.7.6 breaks pywwt #191
Description
As described here, version 5.7.6 of the Jupyter notebook module adds a new security feature related to the HTTP content types. This feature breaks pywwt.
On previous versions, the internal Jupyter server serves the wwt_json_api.js file with the wrong content/MIME type: it bills it as text/html rather than application/javascript. This is only a warning, though — in the Firefox JS developer console, you see:
The script from “http://localhost:8888/wwt/wwt_json_api.js” was loaded even though its MIME type (“text/html”) is not a valid JavaScript MIME type.
The new X-Content-Type-Options: nosniff header added in notebook 5.7.6 turns this into a hard error:
The resource from "http://localhost:8888/wwt/wwt_json_api.js" was blocked due to MIME type ("text/html") mismatch
This breaks programmatic control of the widget, basically.
This problem may be fixed in jupyter/notebook#4468? The PR there bills it as only applying to Windows, but looking at the patch, it might help pywwt out too.