← Back to team overview

mahara-contributors team mailing list archive

[Bug 1470281] Re: Use "nosniff" header to prevent potential XSS via untrusted files in IE

 

** Changed in: mahara/15.10
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1470281

Title:
  Use "nosniff" header to prevent potential XSS via untrusted files in
  IE

Status in Mahara:
  Fix Released
Status in Mahara 1.10 series:
  Fix Released
Status in Mahara 1.9 series:
  Fix Released
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Released

Bug description:
  Yuliya posted this one directly into Gerrit:
  https://reviews.mahara.org/#/c/4821/

  Use nosniff header to prevent potential XSS via untrusted files in IE

  See
   - https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx
   - https://www.owasp.org/index.php/List_of_useful_HTTP_headers

  Solution is to add it to file serving code in places where we do
  forced download of files.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1470281/+subscriptions


References