[
https://issues.apache.org/jira/browse/NIFI-14452?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17943293#comment-17943293
]
ASF subversion and git services commented on NIFI-14452:
--------------------------------------------------------
Commit 5559c7d2e3b70b8f75530fb8bc58361b5b23b425 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=5559c7d2e3 ]
NIFI-14452 Added X-Content-Type-Options Header to HTTP Responses
Signed-off-by: Pierre Villard <[email protected]>
This closes #9860.
> Add X-Content-Type-Options to Framework HTTP Responses
> ------------------------------------------------------
>
> Key: NIFI-14452
> URL: https://issues.apache.org/jira/browse/NIFI-14452
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The Jetty Server for the framework REST API sets several HTTP headers for all
> responses. NiFi 2.2.0 changed the implementation from a Spring Security
> Filter to a Jetty Handler so that all responses would have these headers
> without having to pass through the Spring Security Filter Chain.
> The refactored approach did not include the
> [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options]
> header, which was present in earlier versions. The response header should be
> added to instruct clients to respect the response Content-Type header and
> avoid automatic type detection strategies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
