[checkmk-commits] [tribe29/checkmk] 9194ff: 11607 SEC Improve GUI security: Prevent changing c...

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 9194ffacc1854feece92e0383f7025ce0d6d2978 https://github.com/tribe29/checkmk/commit/9194ffacc1854feece92e0383f7025ce0… Author: Lars Michelsen &lt;lm(a)tribe29.com&gt; Date: 2020-11-19 (Thu, 19 Nov 2020) Changed paths: A .werks/11607 M omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf Log Message: ----------- 11607 SEC Improve GUI security: Prevent changing content type All web pages served by Checkmk will now have the HTTP header <tt>Header always set X-Content-Type-Options: "nosniff"</tt> set. It prevents a client from guessing the content type based on the provided file. This is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured. Further information can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Op… https://www.chromium.org/Home/chromium-security/corb-for-developers Change-Id: Ifb48be0c2a9758940019d70dc508db1ebf7bf25d