Werk #11607: Improve GUI security: Prevent changing content type
Component | User interface |
Title | Improve GUI security: Prevent changing content type |
Date | 19.11.2020 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 2.0.0b1 |
Level | Minor change |
Class | Security fix |
Compatibility | Compatible - no manual intervention required |
All web pages served by Checkmk will now have the HTTP header X-Content-Type-Options set to "nosniff". This prevents a client from guessing the content type based on the provided file. It is a way to opt out of MIME type sniffing, or, in other words, to say that the MIME types are deliberately configured.
Further information can be found here:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
https://www.chromium.org/Home/chromium-security/corb-for-developers
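
To confirm that the opt-out described above is actually effective on served pages, the following check evaluates captured response heads the way a browser does. It is an added example, not Checkmk code; the function names, paths and sample responses are constructed for illustration.

```python
# Added example: audit response heads for an effective X-Content-Type-Options.
# Simplified form of the browser rule (no quoted-string handling): repeated
# headers are joined with ", ", the result is split on commas, and only the
# FIRST element counts; it must equal "nosniff" ignoring ASCII case.

HEADER = "x-content-type-options"


def header_values(raw_head):
    """Return every X-Content-Type-Options value in a raw response head."""
    values = []
    for line in raw_head.split("\r\n")[1:]:  # element 0 is the status line
        if not line:
            break  # blank line ends the header block
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == HEADER:
            values.append(value.strip(" \t"))
    return values


def nosniff_active(raw_head):
    """True only if a browser would treat the response as nosniff."""
    values = header_values(raw_head)
    if not values:
        return False
    first = ", ".join(values).split(",")[0].strip(" \t")
    return first.lower() == "nosniff"


def audit(responses):
    """Return the sorted paths whose response does not enforce nosniff."""
    return sorted(p for p, head in responses.items() if not nosniff_active(head))


# Constructed sample responses; paths and values are placeholders.
SAMPLES = {
    "/ok": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Content-Type-Options: nosniff\r\n\r\n",
    "/mixed-case": "HTTP/1.1 200 OK\r\nx-content-type-options: NoSniff\r\n\r\n",
    "/missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "/typo": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: no-sniff\r\n\r\n",
    "/shadowed": "HTTP/1.1 200 OK\r\nX-Content-Type-Options: none\r\nX-Content-Type-Options: nosniff\r\n\r\n",
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("nosniff not effective:", path)
```

The "/shadowed" case is the one worth watching for behind a reverse proxy: a second header added upstream does not help when an earlier, different value comes first.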