We use cookies to ensure that we give you the best experience on our website.  Visit our Privacy Policy to learn more. If you continue to use this site, we will assume that you are okay with it.

Your choices regarding cookies on this site.
Your preferences have been updated.
In order for the changes to take effect completely please clear your browser cookies and cache. Then reload the page.

Werk #11607: Improve GUI security: Prevent changing content type

ComponentGUI
TitleImprove GUI security: Prevent changing content type
Date2020-11-19 08:38:17
Checkmk EditionCheckmk Raw Edition (CRE)
Checkmk Version2.0.0b1
LevelTrivial Change
ClassSecurity Fix
CompatibilityCompatible - no manual interaction needed

All web pages served by Checkmk will now have the HTTP header Header always set X-Content-Type-Options: "nosniff" set. It prevents a client from guessing the content type based on the provided file. This is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured.

Further information can be found here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options https://www.chromium.org/Home/chromium-security/corb-for-developers