You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Dennis Kieselhorst (JIRA)" <de...@myfaces.apache.org> on 2014/05/16 13:19:52 UTC
[jira] [Updated] (TOBAGO-1395) Set Content Type Options header to
nosniff
[ https://issues.apache.org/jira/browse/TOBAGO-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dennis Kieselhorst updated TOBAGO-1395:
---------------------------------------
Status: Patch Available (was: Open)
> Set Content Type Options header to nosniff
> ------------------------------------------
>
> Key: TOBAGO-1395
> URL: https://issues.apache.org/jira/browse/TOBAGO-1395
> Project: MyFaces Tobago
> Issue Type: New Feature
> Components: Core
> Affects Versions: 2.0.0-beta-3
> Reporter: Dennis Kieselhorst
> Priority: Minor
> Fix For: 2.0.0-beta-4, 2.0.0, 3.0.0-alpha-1
>
> Attachments: TOBAGO-1395.patch
>
>
> Content sniffing allows malicious users to use polyglots (a file that is valid as multiple content types). This can be used to execute XSS attacks.
> The X-Content-Type-Options should be set to nosniff by default to avoid this.
--
This message was sent by Atlassian JIRA
(v6.2#6252)