[ https://issues.apache.org/jira/browse/TOBAGO-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003433#comment-14003433 ]
Hudson commented on TOBAGO-1395: -------------------------------- SUCCESS: Integrated in tobago-trunk #1179 (See [https://builds.apache.org/job/tobago-trunk/1179/]) TOBAGO-1395: Set Content Type Options header to nosniff - patch applied - doing some enhancements (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1595204) * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/ajax/AjaxUtils.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/ajax/AjaxResponseRenderer.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java * /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java * /myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd * /myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java * /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml * /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml * /myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/java/org/apache/myfaces/tobago/renderkit/html/standard/standard/tag/PageRenderer.java > Set Content Type Options header to nosniff > ------------------------------------------ > > Key: TOBAGO-1395 > URL: https://issues.apache.org/jira/browse/TOBAGO-1395 > Project: MyFaces Tobago > Issue Type: New Feature > Components: Core > Affects Versions: 2.0.0-beta-3 > Reporter: Dennis Kieselhorst > Priority: Minor > Fix For: 2.0.0-beta-4, 2.0.0, 3.0.0-alpha-1 > > Attachments: TOBAGO-1395.patch > > > Content sniffing allows malicious users to use polyglots (a file that is > valid as multiple content types). This can be used to execute XSS attacks. > The X-Content-Type-Options should be set to nosniff by default to avoid this. -- This message was sent by Atlassian JIRA (v6.2#6252)