txaws-dev team mailing list archive
-
txaws-dev team
-
Mailing list archive
-
Message #00151
[Merge] lp:~ack/txaws/xss-hardening into lp:txaws
The proposal to merge lp:~ack/txaws/xss-hardening into lp:txaws has been updated.
Description changed to:
Based on Chris' branch lp:~tribaal/txaws/xss-hardening, drops the cgi.escape as json content shoudn't be escaped.
It also adds the "X-Content-Type-Options: nosniff" header, to prevent browsers from guessing the content type, and use the one declared in the response (application/json).
For more details, see:
https://code.launchpad.net/~ack/txaws/xss-hardening/+merge/181562
--
https://code.launchpad.net/~ack/txaws/xss-hardening/+merge/181562
Your team txAWS Committers is requested to review the proposed merge of lp:~ack/txaws/xss-hardening into lp:txaws.
References