com.atlassian.jira.web.filters
Class XContentTypeOptionsNoSniffFilter

java.lang.Object
  extended by com.atlassian.core.filters.AbstractHttpFilter
      extended by com.atlassian.jira.web.filters.XContentTypeOptionsNoSniffFilter
All Implemented Interfaces:
javax.servlet.Filter

public class XContentTypeOptionsNoSniffFilter
extends com.atlassian.core.filters.AbstractHttpFilter

This filter exists solely to deal with a security vulnerability in Internet Explorer (JRA-28879): IE can be tricked into parsing a text/html page as a stylesheet if it contains certain characters. Hence, a JIRA page can be loaded as a stylesheet on an external, malicious site and voilà, XSS.


Constructor Summary
XContentTypeOptionsNoSniffFilter()
           
 
Method Summary
 void doFilter(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp, javax.servlet.FilterChain chain)
           
 
Methods inherited from class com.atlassian.core.filters.AbstractHttpFilter
destroy, doFilter, init
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

XContentTypeOptionsNoSniffFilter

public XContentTypeOptionsNoSniffFilter()

Method Detail

doFilter

public void doFilter(javax.servlet.http.HttpServletRequest req,
                     javax.servlet.http.HttpServletResponse resp,
                     javax.servlet.FilterChain chain)
              throws javax.servlet.ServletException,
                     IOException
Specified by:
doFilter in class com.atlassian.core.filters.AbstractHttpFilter
Throws:
javax.servlet.ServletException
IOException


Copyright © 2002-2014 Atlassian. All Rights Reserved.