[
https://issues.apache.org/jira/browse/SLING-3815?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14089029#comment-14089029
]
Bertrand Delacretaz commented on SLING-3815:
--------------------------------------------
Thanks - I looked in more detail and I have another thing to complain about ;-)
I don't like the static methods in RequestData, I think the following would
work without static members:
# SlingMainServlet handles the StaticResponseHeaders configuration, as you did
# SlingMainServlet creates SlingRequestProcessorImpl in its @Activate method,
and passes to it the list of StaticResponseHeaders right after creating it
# SlingRequestProcessorImpl adds the configured headers to the response, in
doProcessRequest
WDYT?
> Add support for X-Content-Type-Options: nosniff
> ------------------------------------------------
>
> Key: SLING-3815
> URL: https://issues.apache.org/jira/browse/SLING-3815
> Project: Sling
> Issue Type: Improvement
> Components: Engine
> Reporter: Antonio Sanso
> Assignee: Antonio Sanso
> Priority: Minor
> Attachments: SLING-3815-patch.txt, SLING-3815-patch2.txt
>
>
> It would be nice if Sling will have customizable support for
> X-Content-Type-Options: nosniff .
> This is really useful to defend against some common attack e.g. XSS, Rosetta
> Flash etc.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
