[tahoe-lafs-trac-stream] [tahoe-lafs] #2126: send application/json content-type for JSON response
tahoe-lafs
trac at tahoe-lafs.org
Mon Dec 2 17:22:33 UTC 2013
#2126: send application/json content-type for JSON response
---------------------+---------------------------
Reporter: freddyb | Owner:
Type: defect | Status: new
Priority: normal | Milestone: undecided
Component: website | Version: 1.10.0
Keywords: | Launchpad Bug:
---------------------+---------------------------
Multiple files in the `web` directory contain the line
`inevow.IRequest(ctx).setHeader("content-type", "text/plain")` for JSON
responses. The correct type would be application/json.
I guess this is a minor issue, though content-type confusions have caused
XSS for users of Internet Explorer (though mostly when it incorrectly
guesses an HTML type, I don't know if this applies with text/plain already
given)
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2126>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list