dhiaayachi / consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
https://www.consul.io

[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set #101

Open dhiaayachi opened 1 month ago

dhiaayachi commented 1 month ago

Description

Added middleware to ensure that the Content-Type header is always set, to mitigate the XSS vulnerability.

Testing & Reproduction steps

Links

PR Checklist
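The failure mode behind this PR, as an added example rather than code from this PR or from Consul: when a Go handler writes a body without setting Content-Type, net/http (and the httptest recorder) runs http.DetectContentType over the first bytes of the body, so a reflected value such as `<script>alert(1)</script>` is served as `text/html` and executes in the browser. The middleware below wraps the ResponseWriter and sets a fallback type before the first WriteHeader or Write, which is the point at which headers are frozen. The fallback value `application/json`, the names (`EnsureContentType`, `Probe`, the echo handler) and the extra `X-Content-Type-Options: nosniff` header are my own choices for illustration; the PR text does not say which default type it uses or whether it adds nosniff.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// contentTypeWriter wraps an http.ResponseWriter so that a Content-Type is
// present before the status line is committed. Headers changed after
// WriteHeader are ignored by net/http, so the fix must run before it.
type contentTypeWriter struct {
	http.ResponseWriter
	fallback    string // assumed default type for handlers that set none
	wroteHeader bool
}

func (w *contentTypeWriter) ensure() {
	if w.wroteHeader {
		return
	}
	w.wroteHeader = true
	h := w.Header()
	if h.Get("Content-Type") == "" {
		h.Set("Content-Type", w.fallback)
	}
	// Extra hardening (my addition, not stated in the PR): forbid browsers
	// from second-guessing the declared type.
	if h.Get("X-Content-Type-Options") == "" {
		h.Set("X-Content-Type-Options", "nosniff")
	}
}

func (w *contentTypeWriter) WriteHeader(code int) {
	w.ensure()
	w.ResponseWriter.WriteHeader(code)
}

// Write covers the implicit-200 path: a handler that never calls
// WriteHeader still commits headers on its first Write.
func (w *contentTypeWriter) Write(b []byte) (int, error) {
	w.ensure()
	return w.ResponseWriter.Write(b)
}

// EnsureContentType is the middleware: every response produced by next
// carries an explicit Content-Type, using fallback when the handler set none.
func EnsureContentType(fallback string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
		next.ServeHTTP(&contentTypeWriter{ResponseWriter: rw, fallback: fallback}, r)
	})
}

// echoHandler reflects a query parameter into the body without setting a
// Content-Type: a constructed stand-in for the shape of bug the PR fixes.
func echoHandler(rw http.ResponseWriter, r *http.Request) {
	fmt.Fprint(rw, r.URL.Query().Get("name"))
}

// typedHandler sets its own type; the middleware must leave it alone.
func typedHandler(rw http.ResponseWriter, r *http.Request) {
	rw.Header().Set("Content-Type", "text/plain; charset=utf-8")
	fmt.Fprint(rw, r.URL.Query().Get("name"))
}

func Vulnerable() http.Handler { return http.HandlerFunc(echoHandler) }
func Hardened() http.Handler   { return EnsureContentType("application/json", Vulnerable()) }
func Typed() http.Handler      { return EnsureContentType("application/json", http.HandlerFunc(typedHandler)) }

// Probe serves one request with the given reflected value and returns the
// Content-Type and X-Content-Type-Options headers a client would observe.
func Probe(h http.Handler, reflected string) (contentType, nosniff string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest("GET", "/echo?name="+url.QueryEscape(reflected), nil)
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Content-Type"), rec.Header().Get("X-Content-Type-Options")
}

func main() {
	payload := "<script>alert(1)</script>" // constructed XSS probe
	for _, c := range []struct {
		name string
		h    http.Handler
	}{{"vulnerable", Vulnerable()}, {"hardened", Hardened()}, {"typed", Typed()}} {
		ct, ns := Probe(c.h, payload)
		fmt.Printf("%-10s Content-Type=%q X-Content-Type-Options=%q\n", c.name, ct, ns)
	}
}
```

The same probe doubles as the unit test the thread asks about: serve the reflected payload through the handler and assert on the response's Content-Type, which is observable with httptest alone and does not need a browser. Note that a handler wrapped this way must not set Content-Type after its first Write; that was already true before the middleware, but the sniffing used to hide the mistake.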

dhiaayachi commented 1 month ago

Thanks for reporting this potential security issue!

The PR mentions updating unit tests to check for the content-type header. Could you please elaborate on how these unit tests can be used to reproduce the XSS vulnerability, even after applying this fix?

Providing more details on how the vulnerability was identified and the specific steps to reproduce it would be helpful for further investigation.