Dennis Kieselhorst created TOBAGO-1395:
------------------------------------------
Summary: Set Content Type Options header to nosniff
Key: TOBAGO-1395
URL: https://issues.apache.org/jira/browse/TOBAGO-1395
Project: MyFaces Tobago
Issue Type: New Feature
Components: Core
Affects Versions: 2.0.0-beta-3
Reporter: Dennis Kieselhorst
Priority: Minor
Content sniffing allows malicious users to use polyglots (a file that is valid
as multiple content types). This can be used to execute XSS attacks.
The X-Content-Type-Options should be set to nosniff by default to avoid this.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
