[
https://issues.apache.org/jira/browse/NIFI-14452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-14452:
------------------------------------
Summary: Add X-Content-Type-Options to Framework HTTP Responses (was: Add
X-Content-Type-Options to REST API Responses)
> Add X-Content-Type-Options to Framework HTTP Responses
> ------------------------------------------------------
>
> Key: NIFI-14452
> URL: https://issues.apache.org/jira/browse/NIFI-14452
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The Jetty Server for the framework REST API sets several HTTP headers for all
> responses. NiFi 2.2.0 changed the implementation from a Spring Security
> Filter to a Jetty Handler so that all responses would have these headers
> without having to pass through the Spring Security Filter Chain.
> The refactored approach did not include the
> [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options]
> header, which was present in earlier versions. The response header should be
> added to instruct clients to respect the response Content-Type header and
> avoid automatic type detection strategies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
