Resolve Content-Type Mismatch for Commerce Websites

A change to the behavior of Content-Type response headers may affect some SuiteScript Server Pages (SSPs) on SuiteCommerce, SuiteCommerce Advanced (SCA), and SiteBuilder Extensions (SBE) websites.

When responding to the client, SSPs are now required to clearly state the type of content that they are sending. In most cases for SuiteCommerce, SCA, and SBE, the SSPs need to specify that they are sending JavaScript code.

Patch instructions vary depending on what Commerce products and versions you are using. Typically, SuiteCommerce customers do not need to take any action as your NetSuite SSPs have been automatically updated. However, patching is required for the following implementations:

• SCA Elbrus to 2023.2

• SBE Elbrus and Kilimanjaro

• Any SuiteCommerce extensions that use a custom SSP

After the change is made, any unpatched code will likely stop functioning correctly as the browser will interpret responses without an explicit content stated as text. This will result in an error message like the following:

Refused to execute script from 'https://www.example.com/secure/customFieldsMetadata.ssp?t=123456789' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

Be sure to follow the instructions for your the Commerce product and version you have implemented.

General Notices