Proxied requests do not force a content-type on the response
------------------------------------------------------------
Key: SHINDIG-1019
URL: https://issues.apache.org/jira/browse/SHINDIG-1019
Project: Shindig
Issue Type: Improvement
Components: Java
Reporter: Adam Winer
The Gadgets proxy handler does not force a content type for responses that
don't contain one from the server. But HTTP responses without Content-Type
headers expose a variety of content sniffing attacks.
A reasonable default is application/octet-stream.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
