diff CHANGES.txt @ 7159:765222ef4cec

- issue2551257: add 'X-Content-Type-Options: nosniff' header for file download when downloading an attached (user supplied file), make sure that an 'X-Content-Type-Options: nosniff' header is sent. Added test for header as well.
author John Rouillard <rouilj@ieee.org>
date Thu, 23 Feb 2023 16:20:32 -0500
parents 6f09103a6522
children be7849588372
--- a/CHANGES.txt	Thu Feb 23 16:02:51 2023 -0500
+++ b/CHANGES.txt	Thu Feb 23 16:20:32 2023 -0500
@@ -70,6 +70,8 @@
   security issue with rest when using '*'.
 - issue2551263: In REST response expose rate limiting, sunset, allow
   HTTP headers to calling javascript.
+- issue2551257: When downloading an attached (user supplied file),
+  make sure that an 'X-Content-Type-Options: nosniff' header is sent.
 
 Features:
 
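Review bot: The closing parenthesis in the new issue2551257 entry is misplaced: "an attached (user supplied file)," should read "an attached (user supplied) file," so that the parenthetical qualifies the file rather than swallowing the noun. The entry also states what is sent but not why. A short clause noting that nosniff stops the browser from MIME-sniffing a user-supplied attachment into a content type other than the one served would tell an upgrading admin that this is a security-relevant fix. The commit message mentions an added test for the header, but this changeset view shows only CHANGES.txt, so the handler change and the test cannot be checked from these lines.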

Roundup Issue Tracker: http://roundup-tracker.org/