New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of [Security] Fix XSS Vulnerability where content-type header wasn't explicitly set into release/1.19.x #96

Open

4 tasks

dhiaayachi opened this issue Sep 25, 2024 · 0 comments

Owner

dhiaayachi commented Sep 25, 2024

Backport

This PR is auto-generated from hashicorp#21704 to be assessed for backporting due to the inclusion of the label backport/1.19.

The below text is copied from the body of the original PR.

Description

Added middleware to ensure that content-type header is always set to mitigate XSS vulnerability.

Testing & Reproduction steps

Updated unit tests to add additional checks for content-type header
Vercel should deploy UI with no errors

Links

PR Checklist

updated test coverage
external facing docs updated
appropriate backport labels added
not a security concern

Overview of commits

52f4b86 - ede9752 - 4446c25 - 957301e - 55c0ece

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment