Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: 9194ffacc1854feece92e0383f7025ce0d6d2978
https://github.com/tribe29/checkmk/commit/9194ffacc1854feece92e0383f7025ce0…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-11-19 (Thu, 19 Nov 2020)
Changed paths:
A .werks/11607
M omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
Log Message:
-----------
11607 SEC Improve GUI security: Prevent changing content type
All web pages served by Checkmk will now have the HTTP header <tt>Header always
set X-Content-Type-Options: "nosniff"</tt> set. It prevents a client from
guessing the content type based on the provided file. This is a way to opt out
of MIME type sniffing, or, in other words, to say that the MIME types are
deliberately configured.
Further information can be found here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Op…
https://www.chromium.org/Home/chromium-security/corb-for-developers
Change-Id: Ifb48be0c2a9758940019d70dc508db1ebf7bf25d
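
To check that responses actually carry an effective header after a change like this one, the following added example (not part of the commit or of Checkmk) audits raw HTTP responses using the Fetch standard's rule that only the first comma-separated value counts and is matched case-insensitively. The function names and all sample responses are constructed for illustration.

```python
# Added example: audit raw HTTP responses for an effective nosniff header.
# All responses in SAMPLES are constructed sample data, not Checkmk output.

def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def nosniff_effective(headers) -> bool:
    """Combine all X-Content-Type-Options values, split on commas and
    compare only the first token, as the Fetch standard specifies."""
    combined = ",".join(v for n, v in headers if n == "x-content-type-options")
    tokens = [t.strip() for t in combined.split(",")]
    return tokens[0].lower() == "nosniff"

def audit(responses: dict) -> list:
    """Return (label, status) for responses that leave MIME sniffing enabled."""
    findings = []
    for label, raw in responses.items():
        status, headers = parse_response(raw)
        if not nosniff_effective(headers):
            findings.append((label, status))
    return findings

SAMPLES = {
    "login page": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  "X-Content-Type-Options: nosniff\r\n\r\n<html></html>",
    "mixed case": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                  "x-content-type-options: NoSniff\r\n\r\nok",
    # An error response without the header; the "always" condition in the
    # directive is what makes Apache add it to error responses as well.
    "error page": "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
                  "\r\nnot found",
    "typo value": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                  "X-Content-Type-Options: no-sniff\r\n\r\n{}",
}

if __name__ == "__main__":
    for label, status in audit(SAMPLES):
        print(f"MIME sniffing not disabled: {label} (HTTP {status})")
```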