Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

PNG Compatibility on Internet Explorer 11

Written By

Brian Suh

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

This article documents a known issue with PNG files that are uploaded to Document Library not displaying in IE11 with a DOM7009: Unable to decode image at URL in the console. 

As a security measure, and to prevent malicious scripts from being executed in browsers, Liferay sends the X-Content-Type-Options: nosniff HTTP header to protect against MIME sniffing.

Default value in system.properties:

# Set this to true for the portal to send the "X-Content-Type-Options:
# nosniff" HTTP header to protect against MIME sniffing. Custom URLs can
# specified in the property
# "http.header.secure.x.content.type.options.urls.excludes" that allow for
# unhindered MIME sniffing.
#
http.header.secure.x.content.type.options=true

This behavior is known, and intended, since Internet Explorer 8 (according to Microsoft's documentation).

To summarize, the script and styleSheet elements will reject responses with incorrect MIME types if the server sends the response header X-Content-Type-Options: nosniff.

Resolution

There are two options to resolve this behavior. Please be aware of the potential risks that are at hand when either of these two options are being set and proceed at your own discretion: 

Option 1 

Disable X-Content-Type-Options: nosniff being sent from Liferay

  1. In your system-ext.properties set http.header.secure.x.content.type.options=false
  2. Save the file
  3. Restart the server

Option 2 

Define the exact URLs that will allow for unhindered MIME sniffing:

  1. In the system-ext.properties file, set comma-deliminted URL prefixes that allow for unhindered MIME sniffing as seen in the default property in system.properties:
    # Set a list of comma delimited URL prefixes that allow for unhindered
# MIME sniffing. This property is only used when the property
# "http.header.secure.x.content.type.options" is set to true.
# http.header.secure.x.content.type.options.urls.excludes=
  2. Save the file
  3. Restart the server
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?