txaws-dev team mailing list archive

Thread
Date

[Merge] lp:~ack/txaws/xss-hardening into lp:txaws

To: mp+181562@xxxxxxxxxxxxxxxxxx
From: Alberto Donato <alberto.donato@xxxxxxxxxxxxx>
Date: Thu, 22 Aug 2013 14:02:23 -0000
In-reply-to: <20130822140209.17790.15926.launchpad@ackee.canonical.com>
Reply-to: mp+181562@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

The proposal to merge lp:~ack/txaws/xss-hardening into lp:txaws has been updated.

Description changed to:

Based on Chris' branch lp:~tribaal/txaws/xss-hardening, drops the cgi.escape as json content shoudn't be escaped.

It also adds the "X-Content-Type-Options: nosniff" header, to prevent browsers from guessing the content type, and use the one declared in the response (application/json).

For more details, see:
https://code.launchpad.net/~ack/txaws/xss-hardening/+merge/181562
-- 
https://code.launchpad.net/~ack/txaws/xss-hardening/+merge/181562
Your team txAWS Committers is requested to review the proposed merge of lp:~ack/txaws/xss-hardening into lp:txaws.

References

[Merge] lp:~ack/txaws/xss-hardening into lp:txaws
From: Alberto Donato, 2013-08-22