TimeMachine prints raw html with X-Content-Type-Options: nosniff #20098

Closed
wezell opened this issue Mar 16, 2021 · 0 comments · Fixed by #20099
wezell commented Mar 16, 2021

If the http header

X-Content-Type-Options: nosniff

is sent by default in the app server, and a user tries to access the time machine, they see raw HTML printed rather than a page rendered. This is because there is no extension on our HTML pages, and so when we try to parse their mime/type, dotCMS is returning "unknown". If the no-sniff header is sent, the user's browser will not try to figure out what type of content is being sent.

Screen Shot 2021-03-16 at 2 00 06 PM
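
The failure described in this report, and the fix named in the linked commit ("sets the mime type to a page if the url is a page"), as an added Python sketch that is not dotCMS code. The page set, `is_page`, the function names, the list of unresolved type strings and the sample paths are all constructed assumptions.

```python
import mimetypes

# Constructed sample data: extensionless URLs the CMS serves as HTML pages.
KNOWN_PAGES = {"/about-us", "/products/index"}
# Assumed placeholders that mean "no concrete media type was resolved".
UNRESOLVED = {"", "unknown", "unknown/unknown", "application/unknown", "*/*"}


def is_page(path):
    """Hypothetical stand-in for the CMS's 'is this URL a page?' lookup."""
    return path in KNOWN_PAGES


def content_type_before(path):
    """Extension-only lookup: an extensionless page resolves to 'unknown'."""
    guessed, _ = mimetypes.guess_type(path)
    return guessed or "unknown"


def content_type_after(path):
    """Same lookup, but a URL that is a page is declared as HTML."""
    guessed, _ = mimetypes.guess_type(path)
    if guessed is None and is_page(path):
        return "text/html; charset=UTF-8"
    return guessed or "unknown"


def nosniff_without_type(headers):
    """True when nosniff is sent but Content-Type names no concrete type."""
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if h.get("x-content-type-options") != "nosniff":
        return False
    return h.get("content-type", "").split(";")[0].strip() in UNRESOLVED


def audit(paths, resolver):
    """Return the paths whose response would pair nosniff with no usable type."""
    flagged = []
    for path in paths:
        headers = {"X-Content-Type-Options": "nosniff",
                   "Content-Type": resolver(path)}
        if nosniff_without_type(headers):
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    sample = ["/about-us", "/products/index", "/css/site.css"]
    print("before:", audit(sample, content_type_before))
    print("after: ", audit(sample, content_type_after))
```

The same `nosniff_without_type` check can be run over captured response headers to find other endpoints that would break once the header is enabled site-wide.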

dsilvam pushed a commit that referenced this issue Mar 16, 2021
* #20058 turn on security options

* #20098 this sets the mime type to a page if the url is a page in dotCMS
@dsilvam dsilvam linked a pull request Mar 16, 2021 that will close this issue
@dsilvam dsilvam added the Merged label Mar 16, 2021
dsilvam added a commit that referenced this issue Mar 18, 2021
* Fixing Task201014UpdateColumnsValueInIdentifierTableTest (#20026)

* Fixing test

* run-all

* Refactoring validations after code review suggestion

* run-all

Co-authored-by: Nollymar Longa <>

* Updating core-web version

* new core-web artifact

* 19992 rebuild es client on illegal state exception (#20014)

* #1992 Rebuild REST High Level Client if Reactor stopped

* #1992 remove not-needed code

* #1992 remove not-needed code

* #19992 Default impl for rebuildClient. Move rebuilding to separate catch

* #19992 Rebuild client on IllegalState Reactor wrapped and unwrapped

* #19992 null-check

Co-authored-by: Daniel Silva <daniel.silva@dotcms.com>

* Update coreWebReleaseVersion

* Issue 20038 samesite strict (#20051)

* #20038 redirect using html form

* #20038 html based redirect

* Updating starter version to 20210305

* new core-web version

* Update coreWebReleaseVersion

* #19772 Avoid Login when a logout request is sent (#20037)

* #19772 Avoid Login when a logout request is sent

* #19772 Add test to the MainSuite

* #20058 turn on security options (#20061)

* Upgrade saml to 21.03 (#20070)

* #20063 sending cookies httponly and secure (#20065)

* Issue 19934 adding folder to root throws a jsp error (#20073)

* If folder is newly not show the permission tab

* #19934 Format

* Fix tests oracle (#20054)

* Fix ContentletWebAPIImplIntegrationTest

* replace null with empty string

* Remove extra folder extension

* run-all

* Upgrade saml 21.03 (#20076)

* Upgrade saml to 21.03

* upgrade saml to 21.03.1

* Change order of Mapping test. Decrease time in other tests. Move IT t… (#20072)

* Change order of Mapping test. Decrease time in other tests. Move IT to Unit

* Attempt removing getting-started-layout by id and name

* Missing changes

* #19683 Create endpoint to get the create content url

* Fixing test (#20086)

* Fixing test

* Fixing test

* Update .gitmodules

* Find getting started layout by name instead of id (#20092)

* Changing the logic to get the Getting Starter portlet layout. Now, it searches by name instead of id

* Updating starter version

Co-authored-by: Nollymar Longa <>

* Update image api url in gs portlet

* Issue 20098 send page mimetype if is page (#20099)

* #20058 turn on security options

* #20098 this sets the mime type to a page if the url is a page in dotCMS

* Remove same height container fix

* Update .gitmodules

* Update gradle.properties

* Update gradle.properties

Co-authored-by: Nollymar Longa <nollymar.longa@dotcms.com>
Co-authored-by: Nollymar Longa <>
Co-authored-by: Will Ezell <will@dotcms.com>
Co-authored-by: Freddy Montes <freddymontes@gmail.com>
Co-authored-by: dotcmsbuild <dotcmsbuild@dotcms.com>
Co-authored-by: Freddy Rodriguez <freddy0309@gmail.com>
Co-authored-by: Jonathan <jonathan.sanchez@dotcms.com>
Co-authored-by: erickgonzalez <erick.gonzalez@dotcms.com>
@wezell wezell closed this as completed Mar 19, 2021