[jira] [Created] (ZEPPELIN-4471) Add HTTP security header X-Content-Type-Options for Zeppelin Server

Vipin Rathor (Jira) Fri, 06 Dec 2019 15:33:28 -0800

Vipin Rathor created ZEPPELIN-4471:
--------------------------------------

             Summary: Add HTTP security header X-Content-Type-Options for 
Zeppelin Server
                 Key: ZEPPELIN-4471
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4471
             Project: Zeppelin
          Issue Type: Improvement
          Components: security
    Affects Versions: 0.9.0
            Reporter: Vipin Rathor
            Assignee: Vipin Rathor



As per Security best practices, Zeppelin server should have an option to 
include "X-Content-Type-Options: nosniff" header in HTTP response.

Presence of this header prevents MIME type sniffing attack on web server. 
Additional info can be found at [Mozilla HTTP Header 
doc|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (ZEPPELIN-4471) Add HTTP security header X-Content-Type-Options for Zeppelin Server

Reply via email to