I moved your topic here, to continue
RAVE wrote:It was this line in .htaccess:
Header set X-Content-Type-Options nosniff
Good find. A bit strange, as that means your external plugin must be loading the JSON file as JSONP (simulating Javascript), in which case the Javascript will refuse to execute with MIME type 'application/json', which is correct. So for now, to allow your external plugin to operate under the same domain, you may need to remove that line after updating X3.
The X-Content-Type-Options nosniff should really be a smart security implementation. It would block PHP files disguised as JS or CSS from executing in browser.
https://stackoverflow.com/questions/183 ... ns-nosniff
... But then again, this level of security would only be useful if your website is open to uploads from untrusted users. I would consider removing it from htaccess if others have problems, but you can never get paranoid enough about security for your website