Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set SECURE_CONTENT_TYPE_NOSNIFF setting to True #9033

Closed
rtibbles opened this issue Jan 24, 2022 · 3 comments · Fixed by #9195
Closed

Set SECURE_CONTENT_TYPE_NOSNIFF setting to True #9033

rtibbles opened this issue Jan 24, 2022 · 3 comments · Fixed by #9195
Labels
DEV: backend Python, databases, networking, filesystem...
Milestone
upcoming patch

Comments

@rtibbles
Copy link
Member

Observed behavior

Currently clients can MIME sniff content rather than deferring to the declared MIME type.

Expected behavior

Clients should not be able to MIME sniff content, can set this response header with this setting: https://docs.djangoproject.com/en/1.11/ref/settings/#std:setting-SECURE_CONTENT_TYPE_NOSNIFF
@rtibbles rtibbles added the DEV: backend Python, databases, networking, filesystem... label Jan 24, 2022
@rtibbles rtibbles added this to the 0.15.1 milestone Jan 24, 2022
@marcellamaki marcellamaki modified the milestones: 0.15.1, upcoming patch Feb 14, 2022
@sakshampathak1508
Copy link
Contributor

Hi i would like to work on this issue and make it my first contribution in the world of open source

@rtibbles
Copy link
Member Author

Hi @sakshampathak1508 - we'd be happy to get your contribution. The place to make this change would be in the base.py module in kolibri/deployment/default/settings.

Please branch from the release-v0.15.x branch and target that branch with the pull request.

@sakshampathak1508 sakshampathak1508 mentioned this issue Mar 15, 2022
Merged
9 tasks
@rtibbles rtibbles linked a pull request Mar 15, 2022 that will close this issue
SECURE_CONTENT_TYPE_NOSNIFF setted to True #9195
Merged
9 tasks
@rtibbles
Copy link
Member Author

Fixed in #9195

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
DEV: backend Python, databases, networking, filesystem...
Projects
None yet
Milestone
upcoming patch
Development

Successfully merging a pull request may close this issue.

SECURE_CONTENT_TYPE_NOSNIFF setted to True
3 participants
@rtibbles @marcellamaki @sakshampathak1508