This issue was spotted during a penetration test
Content-Type is not defined in response headers for .map resources
With no Content-Type defined, the browser might load unexpected file formats, which might be considered a security vulnerability.
Steps to reproduce
- Start Liferay
- Execute the following curl command and check the response header
curl -I 'http://localhost:8080/o/classic-theme/css/main.css.map'
curl -I 'http://localhost:8080/o/classic-theme/css/clay.css.map'
Actual result: Content-Type is not defined.
Expected result: The response contains the appropriate Content-Type.
DXP 7.3 update7
73x Commit: b0743fba0e99ebc4a4c8265b5ae5d430da376b5b
Master Commit: e09a23834186cfe4dc82e8d7de21702e146d98de
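The header check from the reproduction steps can be scripted as a regression test. This is an added example, not code from the ticket or from Liferay; the function names and the sample responses are constructed, and application/json in the sample is only an illustrative value, since the ticket does not name the expected type.

```shell
#!/bin/sh
# Added example: regression check for a missing Content-Type on .map resources.
# Function names and sample data are constructed for illustration.

# Read raw response headers (as printed by `curl -sI`) on stdin and print the
# Content-Type value of the LAST response block. Header names are matched
# case-insensitively and CRLF line endings are stripped.
content_type_of() {
    awk '
        { sub(/\r$/, "") }
        /^HTTP\// { ct = ""; next }   # new response block, e.g. after a redirect
        {
            i = index($0, ":")
            if (i == 0) next
            if (tolower(substr($0, 1, i - 1)) == "content-type") {
                ct = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", ct)
            }
        }
        END { print ct }
    '
}

# Succeed only if the headers on stdin carry a non-empty Content-Type.
check_headers() {
    [ -n "$(content_type_of)" ]
}

# Fetch the headers of one URL and report the result (needs a running server).
check_url() {
    if curl -sI "$1" | check_headers; then
        echo "OK      $1"
    else
        echo "MISSING $1"
        return 1
    fi
}

# Constructed sample responses: one without Content-Type, one with it.
SAMPLE_MISSING=$(printf 'HTTP/1.1 200 \r\nContent-Length: 1234\r\n\r\n')
SAMPLE_PRESENT=$(printf 'HTTP/1.1 200 \r\ncontent-type: application/json;charset=UTF-8\r\n\r\n')

# Check every URL passed on the command line; does nothing without arguments.
for url in "$@"; do
    check_url "$url"
done
```

Run it with the two URLs from the reproduction steps as arguments; each is reported as OK or MISSING.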