[jira] [Updated] (TOBAGO-1395) Set Content Type Options header to nosniff

Dennis Kieselhorst (JIRA) Fri, 16 May 2014 07:15:14 -0700

     [ 
https://issues.apache.org/jira/browse/TOBAGO-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dennis Kieselhorst updated TOBAGO-1395:
---------------------------------------

    Status: Patch Available  (was: Open)

> Set Content Type Options header to nosniff
> ------------------------------------------
>
>                 Key: TOBAGO-1395
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1395
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Core
>    Affects Versions: 2.0.0-beta-3
>            Reporter: Dennis Kieselhorst
>            Priority: Minor
>             Fix For: 2.0.0-beta-4, 2.0.0, 3.0.0-alpha-1
>
>         Attachments: TOBAGO-1395.patch
>
>
> Content sniffing allows malicious users to use polyglots (a file that is 
> valid as multiple content types). This can be used to execute XSS attacks.
> The X-Content-Type-Options should be set to nosniff by default to avoid this.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

[jira] [Updated] (TOBAGO-1395) Set Content Type Options header to nosniff

Reply via email to