From e1cf3c7a0887b5ee93355b18f9ef400fcf14d782 Mon Sep 17 00:00:00 2001
From: experintellia <experintellia.github.2026@simonlaux.de>
Date: Wed, 29 Apr 2026 12:09:04 +0200
Subject: [PATCH] mockWebxdc: set Content-Type header to fix strict-MIME block
 in proxied environments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`res.end(src)` without a Content-Type header causes browsers to see an
empty MIME type. Under strict-MIME checking (GitHub Codespaces reverse
proxy, nginx with `X-Content-Type-Options: nosniff`) the script is
blocked with ERR_BLOCKED_BY_RESPONSE and `window.webxdc` is never set.
Fix: add `res.setHeader('Content-Type', 'application/javascript; charset=utf-8')`
before `res.end()` in `configureServer`. No behaviour change on localhost.
Reproduces reliably in any GitHub Codespace — open the app via the
forwarded-port URL and check the console.

Disclaimer: this commit was generated by the LLM Claude Sonnet 4.6. I verified myself both that it works and that it is the correct solution.
---
 src/mock-webxdc.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mock-webxdc.js b/src/mock-webxdc.js
index 0fee323..3473950 100644
--- a/src/mock-webxdc.js
+++ b/src/mock-webxdc.js
@@ -10,6 +10,7 @@ export function mockWebxdc(
     configureServer(server) {
       server.middlewares.use((req, res, next) => {
         if (req.url === "/webxdc.js") {
+          res.setHeader('Content-Type', 'application/javascript; charset=utf-8');
           res.end(scriptSrc);
         } else {
           next();