User images should be served with content sniffing disabled
Bug #1656184 reported by François Marier
This bug report is a duplicate of:
Bug #1356347: Disable MIME-type sniffing on everything we serve.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Libravatar (obsolete) | Triaged | High | François Marier |
Bug Description
Images uploaded by users should be served with "X-Content-
https:/
In addition, the main service could expose this header on all responses too.
We'll need to ensure that images without an extension are correctly recognized as gif, jpg or png.
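One way to handle the extensionless files mentioned above, as an added example that is not part of the bug report or of Libravatar's code: derive the type from the file's leading bytes and refuse anything that is not gif, jpg or png. The function names and sample byte strings are constructed for illustration, and the header is assumed to be `X-Content-Type-Options: nosniff`, since the report's text is cut off.

```python
# Added example: names and sample data are constructed, not Libravatar code.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
GIF_MAGICS = (b"GIF87a", b"GIF89a")


def detect_image_type(data: bytes):
    """Return the MIME type of a gif, jpg or png payload, else None."""
    if data.startswith(PNG_MAGIC):
        return "image/png"
    if data.startswith(JPEG_MAGIC):
        return "image/jpeg"
    if data.startswith(GIF_MAGICS):
        return "image/gif"
    return None


def image_response_headers(data: bytes):
    """Build headers for a stored image whose file name has no extension.

    Returns None when the bytes are not a recognized image, so the caller
    can refuse to serve the file instead of sending it with a guessed type.
    """
    mime = detect_image_type(data)
    if mime is None:
        return None
    return {
        "Content-Type": mime,
        # Assumed header (truncated in the report). With sniffing disabled
        # the browser will not second-guess the declared type, so the
        # Content-Type above has to be right.
        "X-Content-Type-Options": "nosniff",
        "Content-Length": str(len(data)),
    }


# Constructed samples: leading bytes only, not complete image files.
SAMPLES = {
    "avatar_png": PNG_MAGIC + b"\x00\x00\x00\rIHDR",
    "avatar_jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00",
    "avatar_gif": b"GIF89a\x01\x00\x01\x00",
    "not_an_image": b"<html><script>alert(1)</script></html>",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, image_response_headers(payload))
```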
information type: Private Security → Public
Bug 1252037 needs to be addressed before we can do this.