Upload JavaScript media


I’m currently experincing errors when trying to upload .js files to Grav.

I’ve some major experience in the platform and have added support for media in over 20 different program types but JavaScript seems to be the one not working well for me,

Could you please help me out?

I’ve tried the following MIME types:

  • application/javascript
  • text/html
  • text/javascript
  • application/octet-stream

Here’s how it looks,

Warm regards

As I am a ‘New’ user I was forbidden to add a second picture, but here is the error I receive


Hi @ramazan ,

2 thoughts come to mind, first give the file a more specific name, just to see if it fails because it is called “test.js”

Have you tried to set the mime type to application/javascript

Let us know on either a success or still a failure :slight_smile:

Hi Spamhater,
Thank you for such a quick reply. As mentioned above, I have tried the following MIME types + the parameters inside my picture.

I have also tried renaming the file multiple times, it doesn’t seem to work :confused:

Hi @ramazan

Sorry I did miss the listed attempts (sorry my bag)

Can you explain a bit more of what theme / blueprint setup that you are using to create your upload, is this in the frontend or backend.

Does it work if you if you accept a file / allow any file:

   - '*'

Then trying to lock it down afterwards

I think is to see if you can see the upload in the temporary directory or if it fails after hitting the save button.


I can try and emulate your setup and see if I can see any issue from there.


It is for the frontend, we’re trying to add a JavaScript file to one of our documentation pages where the user should be able to download it. As soon as I try to upload any .js file it gives the me error.

As for the suggestion you sent, am I supposed to put it on the page in expert mode like this? If so it doesn’t work…

Hi , ok, sorry I have to go on site now… but will try and have a look at it over the weeekend, time permitting.

I will try and set it up with a fresh grav and quark template and see if it return the same results and then check for errors. So bare with … and will try and get you my findings to you asap.

1 Like

@ramazan, Just curious… Why would one allow visitors to download js files from documentation pages? I’ve never seen that before.

It is more common to show code snippets in the documentation and allow visitors to copy the snippet.

I think I would be reluctant to download a js file and would prefer to copy the snippet. I would prefer to see the code from stackblitz, jsbin, or what have you, embedded in the documentation.

Just my two cents…

1 Like

I appreciate your suggestions

Yes, that is relevant for the most cases as we’re going for that approach everywhere. For this, we’d prefer to have the file there as the code is very very long.

Can I ask what your server configuration is (apache / php) maybe it is being limited by that.

also this was an interesting read

Also this was posted on the group as well

I wondering if you many need a custom plugin, to create a page header output for the file

I will admit, i thought originally it was for upload, not for download. :frowning:

Maybe look at javascript function like this


Also from the grav github , could put you in the right direction

Dangerous extension .js includes .json · Issue #3060 · getgrav/grav · GitHub

1 Like

@ramazan, A bit of digging got me to the same Github issue as mentioned by @spamhater, but thought it would be good to lift it out for clarity.

In short:
Admin checks for file extensions and refuses to upload files with file extentions mentioned in /system/config/security.yaml:

    - php
    - html
    - htm
    - js
    - exe

Obvious thing to do next is to comment out the ‘js’ line, but that leads to the next error:

The mime type does not match to file extension

The same error is mentioned in Github issue: My zip-files aren’t zip-files anymore – says the page-media-upload.

I’ve added a comment noting that *.js produces the same issue.

1 Like

Hi Guys,

Super thankful for your advice and help. Sadly I was on a vacation the past week so I couldn’t test the suggestions.

But you managed to solve it for me. Thank you so much.

For future reference, my issue was solved when I used the MIME type: application/x-javascriptt together with the things mentioned above

@ramazan, Would you mind being a bit more precise then:

together with the things mentioned above

  • Your solution would be more valuable to other community members if more complete
  • I would like to add the exact solution to the comment on Github.

Yes. I took the following steps:

  1. Went to Configuration → security.yaml

  2. Removed Javascript from “Invalid protocols list”

  3. Removed JS from “Dangerous Extensions” as seen in the picture down below:

  4. Once done I went to media.yaml and added the following:

Please let me know if something is unclear

(post deleted by author)