[KNOX-1310] The X-Content-Type-Options header should be set as 'nosniff' - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.0.0
Fix Version/s: 1.1.0
Component/s: AdminUI
Labels:
None

Description

For every response containing a message body, the Admin UI should include a single Content-type header that correctly and unambiguously states the MIME type of the content in the response body.

Additionally, the response header "X-Content-Type-Options: nosniff" should be returned in all responses to reduce the likelihood that browsers will interpret content in a way that disregards the explicit Content-type header.

Attachments

Activity

People

Assignee:: Philip Zampino

Reporter:: Philip Zampino

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 14/May/18 14:45

Updated:: 28/Mar/19 14:05

Resolved:: 16/May/18 02:22