REST-406: Add X-Content-Type-Options: nosniff header if and only if there's no such header set yet

Branch: issue-3.2/REST-406-add-nosniff-header-once

Branch: rest-3.2.x

Merged

#167 · Created 2017-10-11 · Last updated 2017-10-12

Merged pull request

Merged in issue-3.2/REST-406-add-nosniff-header-once (pull request #167)

fbba605·Author: Maciej Rzymski·Closed by: Maciej Rzymski·2017-10-12

Description

Better, alternative solution to this one https://bitbucket.org/atlassian/atlassian-rest/pull-requests/166/rest-406-add-switch-for-applying/diff

Add X-Content-Type-Options: nosniff header once, i.e. if and only if there's no such header set yet, both in ContainerResponse or ServletResponse.

Hence, this change will not introduce security risk, there's no way to turn this off. The additional means are good precaution means, to get the right header value in the end.

REST-406: Add X-Content-Type-Options: nosniff header if and only if there's no such header set yet

Merged pull request

Description

0 attachments

0 comments

Loading commits...