Use "nosniff" header to prevent potential XSS via untrusted files in IE
Bug #1470281 reported by
Aaron Wells
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Low
|
Unassigned | ||
1.10 |
Fix Released
|
Low
|
Unassigned | ||
1.9 |
Fix Released
|
Low
|
Unassigned | ||
15.04 |
Fix Released
|
Low
|
Unassigned | ||
15.10 |
Fix Released
|
Low
|
Unassigned |
Bug Description
Yuliya posted this one directly into Gerrit: https:/
Use nosniff header to prevent potential XSS via untrusted files in IE
See
- https:/
- https:/
Solution is to add it to file serving code in places where we do forced download of files.
To post a comment you must log in.
Patch for master: https:/ /reviews. mahara. org/#/c/ 4821/