[ https://issues.apache.org/jira/browse/TOBAGO-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003433#comment-14003433 ]

Hudson commented on TOBAGO-1395:
--------------------------------

SUCCESS: Integrated in tobago-trunk #1179 (See [https://builds.apache.org/job/tobago-trunk/1179/])
TOBAGO-1395: Set Content Type Options header to nosniff
- patch applied
- doing some enhancements (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1595204)
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/ajax/AjaxUtils.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/ajax/AjaxResponseRenderer.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java
* /myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd
* /myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml
* /myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/java/org/apache/myfaces/tobago/renderkit/html/standard/standard/tag/PageRenderer.java


> Set Content Type Options header to nosniff
> ------------------------------------------
>
>                 Key: TOBAGO-1395
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1395
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Core
>    Affects Versions: 2.0.0-beta-3
>            Reporter: Dennis Kieselhorst
>            Priority: Minor
>             Fix For: 2.0.0-beta-4, 2.0.0, 3.0.0-alpha-1
>
>         Attachments: TOBAGO-1395.patch
>
>
> Content sniffing allows malicious users to use polyglots (a file that is 
> valid as multiple content types). This can be used to execute XSS attacks.
> The X-Content-Type-Options should be set to nosniff by default to avoid this.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
