David Handermann created NIFI-14452:
---------------------------------------
Summary: Add X-Content-Type-Options to REST API Responses
Key: NIFI-14452
URL: https://issues.apache.org/jira/browse/NIFI-14452
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Reporter: David Handermann
Assignee: David Handermann

The Jetty Server for the framework REST API sets several HTTP headers for all
responses. NiFi 2.2.0 changed the implementation from a Spring Security Filter
to a Jetty Handler so that all responses would have these headers without
having to pass through the Spring Security Filter Chain.

The refactored approach did not include the
[X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options]
header, which was present in earlier versions. The response header should be
added to instruct clients to respect the response Content-Type header and avoid
automatic type detection strategies.
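A regression check for the omission described in this issue, as an added example that is not NiFi's own code: it parses captured raw HTTP responses and reports any that lack `X-Content-Type-Options: nosniff`, including error responses that never reach an application-level filter. The sample responses and their labels are constructed, and `nosniff` is the header's one defined value rather than something stated in the issue.

```python
import io
from http.client import parse_headers

REQUIRED_HEADER = "X-Content-Type-Options"
EXPECTED_VALUE = "nosniff"  # the only value defined for this header

# Constructed sample responses (not captured from a real NiFi instance).
SAMPLES = {
    "200 json": b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                b"X-Content-Type-Options: nosniff\r\n\r\n{}",
    # Error response produced before any application filter chain runs.
    "401 error": b"HTTP/1.1 401 Unauthorized\r\nContent-Type: text/plain\r\n"
                 b"\r\nUnauthorized",
    # Header names and the nosniff token are matched case-insensitively.
    "lowercase name": b"HTTP/1.1 200 OK\r\ncontent-type: application/json\r\n"
                      b"x-content-type-options: NoSniff\r\n\r\n{}",
    "wrong value": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"X-Content-Type-Options: none\r\n\r\n<p>hi</p>",
}


def check_response(raw: bytes) -> str:
    """Classify one raw HTTP/1.1 response as 'ok', 'missing' or 'invalid'."""
    stream = io.BytesIO(raw)
    stream.readline()                 # skip the status line
    headers = parse_headers(stream)   # reads up to the blank line
    values = headers.get_all(REQUIRED_HEADER) or []
    if not values:
        return "missing"
    # Strict audit choice: every occurrence must carry the expected token.
    if all(v.strip().lower() == EXPECTED_VALUE for v in values):
        return "ok"
    return "invalid"


def audit(samples: dict) -> dict:
    """Return {label: finding} for every response that is not 'ok'."""
    findings = {}
    for label, raw in samples.items():
        result = check_response(raw)
        if result != "ok":
            findings[label] = result
    return findings


if __name__ == "__main__":
    for label, finding in audit(SAMPLES).items():
        print(f"{label}: {REQUIRED_HEADER} {finding}")
```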