Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.2.x] Add X-Content-Type-Options header to the automated HTTP responses #5088

Closed
TharmiganK opened this issue Oct 26, 2023 · 0 comments
Closed

[1.2.x] Add X-Content-Type-Options header to the automated HTTP responses #5088

TharmiganK opened this issue Oct 26, 2023 · 0 comments
Assignees
@TharmiganK
Labels
module/http Team/PCM Protocol connector packages related issues Team/StandardLibs Type/Task

Comments

@TharmiganK
Copy link
Contributor

Description

This task is to add the X-Content-Type-Options: nosniff header to the automated HTTP responses when the resource is not found. This is to block content sniffing from the response payload which has the resource path information. This will block browsers to execute <script> or <style> if the resource path contains them.

Example response for resource not found:

no matching service found for path : /<script>alert(sessionStorage.getItem("0-ef9-ui"))</script>

Describe your task(s)

Add the above header to the automated error responses

Related area

-> Standard Library

Related issue(s) (optional)

No response

Suggested label(s) (optional)

No response

Suggested assignee(s) (optional)

No response
@TharmiganK TharmiganK self-assigned this Oct 26, 2023
@ballerina-bot ballerina-bot transferred this issue from ballerina-platform/ballerina-lang Oct 26, 2023
@TharmiganK TharmiganK moved this to In Progress in Ballerina Team Main Board Oct 26, 2023
@TharmiganK TharmiganK added module/http Team/PCM Protocol connector packages related issues labels Oct 26, 2023
@TharmiganK TharmiganK mentioned this issue Oct 26, 2023
Merged
@TharmiganK TharmiganK changed the title [Task]: [1.2.x] Add X-Content-Type-Options header to the automated HTTP responses [1.2.x] Add X-Content-Type-Options header to the automated HTTP responses Oct 26, 2023
@TharmiganK TharmiganK moved this from In Progress to PR Sent in Ballerina Team Main Board Oct 26, 2023
@TharmiganK TharmiganK moved this from PR Sent to Done in Ballerina Team Main Board Oct 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TharmiganK TharmiganK

Labels
module/http Team/PCM Protocol connector packages related issues Team/StandardLibs Type/Task
Projects
Ballerina Team Main Board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TharmiganK