I am trying to resolve a problem where someone's browser is sometimes downloading a js file rather than executing it. I thought I would compare their http headers with mine, and I see that even the headers on mine don't seem to be correct.
On a file created by an SPFx extension, whose code is stored in ClientSideAssets and served by publiccdn.sharepointonline.com, I see the response header
content-type: application/javascript
which is normal, but also
content-disposition: attachment; filename={LongFileName}.js
which seems wrong to me. Most browsers use the content-type to determine whether to process the file or download it, and in my browser everything is fine since the content-type isn't "Application/octet-stream", but my understanding is that the standard says that "content-disposition: attachment" means "download this file". Maybe some browsers follow the standard.
Can someone who knows more about this tell me whether the O365 CDN is configured incorrectly?