  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-159182

Content-Type is not defined in response headers for .map resources.

Details

    • 7.3.x
    • Committed

    Description

      Background
      This issue was spotted during a penetration test

      Issue
      Content-Type is not defined in response headers for .map resources
      With no Content-Type defined, the browser might load unexpected file formats, which might be considered a security vulnerability.

      Steps to reproduce

      1. Start Liferay
      2. Execute the following curl commands and check the response headers

        curl -I 'http://localhost:8080/o/classic-theme/css/main.css.map'
        curl -I 'http://localhost:8080/o/classic-theme/css/clay.css.map'

      Actual result
      Content-Type is not defined.

      Expected result
      Contains the appropriate Content-Type.

      Reproduced in
      DXP 7.3 update7
      73x Commit: b0743fba0e99ebc4a4c8265b5ae5d430da376b5b
      Master Commit: e09a23834186cfe4dc82e8d7de21702e146d98de
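
An added example (not part of the original ticket or Liferay's code) that automates the check in the steps above: it parses `curl -I` output and reports whether the final response carries a non-empty Content-Type. The function names and sample headers are constructed for illustration; `application/json` in the sample is an assumption, since the ticket does not name the expected type.

```shell
#!/bin/sh
# Added example: check `curl -I` output for a usable Content-Type header.

# content_type_of: read raw response headers on stdin and print the
# Content-Type value of the LAST response block (curl -I prints one block
# per hop when redirects are followed). Prints nothing when the header is
# absent or its value is empty.
content_type_of() {
    awk '
        { sub(/\r$/, "") }                        # header lines end in CRLF
        /^HTTP\// { ct = ""; next }               # status line starts a new block
        {
            i = index($0, ":")
            if (i == 0) next                      # blank or malformed line
            name = tolower(substr($0, 1, i - 1))  # header names are case-insensitive
            if (name != "content-type") next
            ct = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", ct)       # trim surrounding whitespace
        }
        END { if (ct != "") print ct }
    '
}

# has_content_type: exit 0 when the final response declares a Content-Type.
has_content_type() {
    [ -n "$(content_type_of)" ]
}

# check_url: the curl -I step from the ticket, for use against a running
# instance. Not called here, so the example runs offline.
check_url() {
    if curl -sI "$1" | has_content_type; then
        echo "OK      $1"
    else
        echo "MISSING $1"
        return 1
    fi
}

# Constructed sample responses (not captured from a real server).
SAMPLE_MISSING=$(printf 'HTTP/1.1 200 \r\nContent-Length: 1024\r\n\r\n')
SAMPLE_PRESENT=$(printf 'HTTP/1.1 200 \r\ncontent-type: application/json;charset=UTF-8\r\n\r\n')
SAMPLE_EMPTY=$(printf 'HTTP/1.1 200 \r\nContent-Type: \r\n\r\n')
# A redirect hop that has a type, followed by a final response that does not.
SAMPLE_REDIRECT=$(printf 'HTTP/1.1 302 \r\nContent-Type: text/html\r\n\r\nHTTP/1.1 200 \r\nContent-Length: 10\r\n\r\n')
```

With a local instance running, `check_url 'http://localhost:8080/o/classic-theme/css/main.css.map'` returns non-zero while the header is missing, so it can serve as a regression check.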

       


          People

            yanan.yuan Yanan Yuan(Ashley Yuan)
            hong.vo Hong Vo
            Kiyoshi Lee Kiyoshi Lee

            Dates

              Created:
              Updated:
              Resolved:
              7 weeks, 5 days ago

              Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 2h

                Packages

                  Version Package
                  7.3.X
                  7.4.3.37 CE GA37
                  7.4.3.38 CE GA38
                  Master