REST-406: Add X-Content-Type-Options: nosniff header if and only if there's no such header set yet
Maciej Rzymski
Branch: issue-3.2/REST-406-add-nosniff-header-once
Branch: rest-3.2.x
Merged
Merged pull request
Merged in issue-3.2/REST-406-add-nosniff-header-once (pull request #167)
Better, alternative solution to this one https://bitbucket.org/atlassian/atlassian-rest/pull-requests/166/rest-406-add-switch-for-applying/diff
Â
Add
X-Content-Type-Options: nosniff
header once, i.e. if and only if there's no such header set yet, both inContainerResponse
orServletResponse
.Â
Hence, this change will not introduce security risk, there's no way to turn this off. The additional means are good precaution means, to get the right header value in the end.
Â