backport of commit 55c0ece
sarahalsmiller committed Sep 11, 2024
1 parent 197e0f8 commit 9874595
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .changelog/21704.txt
@@ -1,3 +1,3 @@
```release-note:security
Explicitly set 'Content-Type' header to mitigate XSS vulnerability.
Explicitly set 'Content-Type' header to mitigate XSS vulnerability.
```
3 changes: 2 additions & 1 deletion agent/http.go
Expand Up @@ -351,12 +351,13 @@ func withRemoteAddrHandler(next http.Handler) http.Handler {
func ensureContentTypeHeader(next http.Handler, logger hclog.Logger) http.Handler {

return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
next.ServeHTTP(resp, req)

val := resp.Header().Get(contentTypeHeader)
if val == "" {
resp.Header().Set(contentTypeHeader, plainContentType)
logger.Debug("warning: content-type header not explicitly set.", "request-path", req.URL)
}
next.ServeHTTP(resp, req)
})
}
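Review bot: Setting `Content-Type` after `next.ServeHTTP(resp, req)` has returned cannot change any response whose handler already called `Write` or `WriteHeader`, because net/http ignores header-map changes once the header has been sent, and when no type was set it picks one by sniffing the body (which can be `text/html`). In that order the `resp.Header().Set(...)` line is a no-op on the wire and only the debug log fires, which is exactly the case the changelog's XSS mitigation targets. The rendered page has lost its +/- markers, so this assumes the call at the top of the closure is the new position, as the 2-additions/1-deletion count suggests. If the default must not be set before the handler runs, apply it at the moment the header is written by wrapping the writer, as sketched below. The sketch drops the debug log, and the wrapper hides optional interfaces such as `http.Flusher`, which would need forwarding if any handler streams.

```go
// contentTypeDefaulter fills in Content-Type just before the header is sent.
type contentTypeDefaulter struct {
	http.ResponseWriter
	wroteHeader bool
}

func (w *contentTypeDefaulter) WriteHeader(code int) {
	if !w.wroteHeader {
		w.wroteHeader = true
		if w.Header().Get(contentTypeHeader) == "" {
			w.Header().Set(contentTypeHeader, plainContentType)
		}
	}
	w.ResponseWriter.WriteHeader(code)
}

func (w *contentTypeDefaulter) Write(b []byte) (int, error) {
	if !w.wroteHeader {
		// An implicit 200 goes through WriteHeader so the default is applied first.
		w.WriteHeader(http.StatusOK)
	}
	return w.ResponseWriter.Write(b)
}

func ensureContentTypeHeader(next http.Handler, logger hclog.Logger) http.Handler {
	return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
		next.ServeHTTP(&contentTypeDefaulter{ResponseWriter: resp}, req)
	})
}
```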

