Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-4471

Add HTTP security header X-Content-Type-Options for Zeppelin Server

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.9.0
    • Fix Version/s: 0.9.0
    • Component/s: security
    • Labels:
      None

      Description

      As per Security best practices, Zeppelin server should have an option to include "X-Content-Type-Options: nosniff" header in HTTP response.

      Presence of this header prevents MIME type sniffing attack on web server. Additional info can be found at Mozilla HTTP Header doc

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vrathor-hw Vipin Rathor
                Reporter:
                vrathor-hw Vipin Rathor
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m