Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-4471

Add HTTP security header X-Content-Type-Options for Zeppelin Server

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.9.0
    • 0.9.0
    • security
    • None

    Description

      As per Security best practices, Zeppelin server should have an option to include "X-Content-Type-Options: nosniff" header in HTTP response.

      Presence of this header prevents MIME type sniffing attack on web server. Additional info can be found at Mozilla HTTP Header doc

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #3544

          Activity

            People

              vrathor-hw Vipin Rathor
              vrathor-hw Vipin Rathor
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m