[
https://issues.apache.org/jira/browse/SLING-3815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14085951#comment-14085951
]
Antonio Sanso commented on SLING-3815:
--------------------------------------
[~olli] thanks for the pointer.
Is this going to be part of the launchpad?
Given the importance of the nosniff (as also suggested in a private
conversation with [~fmeschbe]) would be good to have it set in the Sling Main
Servlet... (at least the nosniff, and we can use the urlrewriter for the other
fields)
WDYT?
> Add support for X-Content-Type-Options: nosniff
> ------------------------------------------------
>
> Key: SLING-3815
> URL: https://issues.apache.org/jira/browse/SLING-3815
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Antonio Sanso
> Priority: Minor
>
> It would be nice if Sling will have customizable support for
> X-Content-Type-Options: nosniff .
> This is really useful to defend against some common attack e.g. XSS, Rosetta
> Flash etc.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
