The contentType header for JavaScript and HTML in the Files tool is changing
The contentType
header for JavaScript and HTML served from the default HubSpot File Manager CDN is changing.
What's happening?
We are changing the contentType
used for JavaScript and HTML files served from a HubSpot CDN domain in the Files tool. The contentType
is changing to text/plain
. This means when the browser goes to the URL for an HTML file served this way, it will not render the HTML. JavaScript files served this way and linked using a <script>
tag will not be processed. Instead the code itself will display. This does not apply to Files tool files served through a connected domain name.
Files uploaded prior to this change will be unaffected to prevent breaking existing websites.
If you have an automation or business workflow that results in the upload of those types of files be aware you need to serve them through a connected domain.
Why is it happening?
This is a proactive security improvement to prevent illegitimate use of the Files tool that violates our terms of service.
When is it happening?
This change is already live and will affect any new files uploaded to HubSpot beginning today.
We realize this is happening on short notice, however we believe this to be a necessary step to improve the security and performance of the HubSpot platform. As mentioned above, this will only affect new file uploads, so any existing sites using files hosted from the HubSpot CDN domain will continue to work.
Questions comments? let's talk about it in the developer forums.