Allow json MIME type for Javascript Web Applications - Security Risks

Discussion created by mvolz47 on Oct 24, 2013
Latest reply on Oct 25, 2013 by jeff.pace
To All Javascript Developers and Web Server Administrators:

I recently downloaded an ESRI javascript web application template to a web server.  I tried to run the application using ArcGIS Online services, but it stalled on the splash page with a 404 error in Fiddler.  With a little research and past experience, I determined that it was the json MIME type not being allowed through IIS that was throwing the 404 error.  I added this MIME type and the javascript web application now works.

I am wondering if I am introducing any security risks to my server by allowing this additional MIME type as it is not in the MIME type list by default?

If there is a security risk, what other configuration changes do I need to make to the server to close this security risk?

Any help or information in regard to this post are greatly appreciated.