You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2020/06/18 00:16:00 UTC
[jira] [Commented] (NIFI-6094) Add X-Content-Type-Options header
[ https://issues.apache.org/jira/browse/NIFI-6094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17138911#comment-17138911 ]
ASF subversion and git services commented on NIFI-6094:
-------------------------------------------------------
Commit 27b5bb7a209bdf12eb14e653d9d4c42f444018be in nifi's branch refs/heads/master from thenatog
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=27b5bb7 ]
NIFI-6094 - Added the X-Content-Type-Options header to all web responses. (#4307)
NIFI-6094 - Added the mime/content type for ttf files.
> Add X-Content-Type-Options header
> ---------------------------------
>
> Key: NIFI-6094
> URL: https://issues.apache.org/jira/browse/NIFI-6094
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
> Reporter: Nathan Gough
> Priority: Major
> Labels: http-headers, security
> Time Spent: 50m
> Remaining Estimate: 0h
>
> The X-Content-Type-Options header should be added to all HTTP responses to improve security. In order for this to work correctly, all NiFi resources must accurately specify their respective *Content-Type*. This requires some work, as I do not believe this is currently the case for all of our resources.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)