myfaces-dev mailing list archives

From "Hudson (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Commented] (TOBAGO-1395) Set Content Type Options header to nosniff
Date Tue, 20 May 2014 15:24:38 GMT

    [ https://issues.apache.org/jira/browse/TOBAGO-1395?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14003433#comment-14003433 ]

Hudson commented on TOBAGO-1395:
--------------------------------

SUCCESS: Integrated in tobago-trunk #1179 (See [https://builds.apache.org/job/tobago-trunk/1179/])
TOBAGO-1395: Set Content Type Options header to nosniff
- patch applied
- doing some enhancements (lofwyr: http://svn.apache.org/viewvc/?view=rev&rev=1595204)
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/ajax/AjaxUtils.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/config/TobagoConfig.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/ajax/AjaxResponseRenderer.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigFragment.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigImpl.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigSorter.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java
* /myfaces/tobago/trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/servlet/ResourceServlet.java
* /myfaces/tobago/trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-2.0.xsd
* /myfaces/tobago/trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
* /myfaces/tobago/trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml
* /myfaces/tobago/trunk/tobago-theme/tobago-theme-standard/src/main/java/org/apache/myfaces/tobago/renderkit/html/standard/standard/tag/PageRenderer.java


> Set Content Type Options header to nosniff
> ------------------------------------------
>
>                 Key: TOBAGO-1395
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1395
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Core
>    Affects Versions: 2.0.0-beta-3
>            Reporter: Dennis Kieselhorst
>            Priority: Minor
>             Fix For: 2.0.0-beta-4, 2.0.0, 3.0.0-alpha-1
>
>         Attachments: TOBAGO-1395.patch
>
>
> Content sniffing allows malicious users to use polyglots (a file that is valid as multiple content types). This can be used to execute XSS attacks.
> The X-Content-Type-Options should be set to nosniff by default to avoid this.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
