Regarding Splunk 6.1....
The browser may not know that it received an image if Splunk doesn't set a HTTP header:
Content-Type: image/png
If there's no Content-Type header and someone is trying to prevent MIME sniffing with the following HTTP header then the image won't load in browsers like IE8:
X-Content-Type-Options: nosniff
You can test this with something like Fidder4.
CTRL+R to edit CustomRules.js, and then add some code in OnBeforeResponse:
static function OnBeforeResponse(oSession: Session) {
if (m_Hide304s && oSession.responseCode == 304) {
oSession["ui-hide"] = "true";
}
// Tim added the following two lines
oSession.oResponse.headers.Remove("X-Content-Type-Options");
oSession.oResponse.headers.Add("Content-Type", "image/png");
Inspect a response. Inspectors > Raw. See what was sent back from Splunk. Also check the browser to confirm whether the image is now loading correctly.
Tim.
... View more