Closed Siven-cyber closed 2 years ago
The platform allows users to access the services through the Keplr wallet extension (for Chrome). As a consequence, Internet Explorer users cannot log into the service. Moreover, the Chrome fix arrived in version 64, released in 2018. In this sense, since it does not influence Sinfonia data (public data and signed transactions travel from the service), in my opinion, this is not a valid issue.
Prerequisites
Describe the exact steps to reproduce the problem in as many details as possible
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
Describe the issue behavior
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages. If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
BitSong Public Address
bitsong1hcfj50fcazw05awq04k6t62szhgx3aycj9gmp8
Osmosis Public Address
osmo1gr9t7qtm3hwfd6twwe8fx5zzjh5e406ycqznec
Which browser are you using?
Google Chrome
Which is your browser version?
101.0.4951.54
Which kind of device are you using?
Desktop
Are you using a ledger?
No
Which is your ledger version?
No response
Agree the Competition Rules
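
The remediation described in the report (a declared Content-Type plus `X-Content-Type-Options: nosniff` on every response) can be enforced and verified as in the following added example, which is not part of the original issue or the project's code. It assumes a Python WSGI application; `NoSniffMiddleware`, `audit_headers`, `response_headers` and `sample_app` are hypothetical names, and the sample app is constructed for illustration.

```python
NOSNIFF = ("X-Content-Type-Options", "nosniff")


def audit_headers(headers):
    """Return findings for one response, given its (name, value) header list."""
    by_name = {}
    for name, value in headers:
        by_name.setdefault(name.lower(), []).append(value.strip())
    findings = []
    xcto = by_name.get("x-content-type-options", [])
    if not xcto:
        findings.append("X-Content-Type-Options missing")
    elif any(v.lower() != "nosniff" for v in xcto):
        # Conservative: any value other than 'nosniff' is reported.
        findings.append("X-Content-Type-Options is not exactly 'nosniff'")
    ctype = by_name.get("content-type", [])
    if not ctype or not ctype[0]:
        findings.append("Content-Type missing")
    return findings


class NoSniffMiddleware:
    """Wrap a WSGI app so every response carries exactly one nosniff header."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Drop whatever the app set, then append the single correct value.
            kept = [(n, v) for n, v in headers
                    if n.lower() != "x-content-type-options"]
            kept.append(NOSNIFF)
            return start_response(status, kept, exc_info)
        return self.app(environ, patched_start)


def response_headers(app, path="/"):
    """Call a WSGI app in-process and return the headers it sent."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = list(headers)
    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["headers"]


def sample_app(environ, start_response):
    """Constructed sample app: declares a Content-Type but no nosniff header."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'{"ok": true}']
```
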