
Add 'nosniff' header to /images directory
Open, Low, Public

Description

MediaWiki 1.40 recommends adding the nosniff header to the image directory:

You should configure your webserver to return the http header 'X-Content-Type-Options: nosniff' for the /images directory. This will instruct browsers to not apply content sniffing when accessing the files. MediaWiki before 1.40 shipped with a content sniffer which disallowed potentially dangerous files at upload time, but this protection has now been removed in favor of this 'X-Content-Type-Options: nosniff' header and the installer will return a warning when it is not in place.

We need to do this before we fully upgrade to 1.40.

Event Timeline

OriginalAuthority created this task.
OriginalAuthority created this object with edit policy "All Users".

Still needed, but will need to be sent on S3's end.

This is slightly harder, due to the fact that S3 doesn't allow much scalability in terms of adding headers; notwithstanding this, we can probably do this on Fastly's end? Maybe.
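
One way to verify the header once it is in place, wherever it ends up being set (an added example, not part of this task or of MediaWiki): it applies the Fetch standard's rule that a browser only honours the first listed `X-Content-Type-Options` value, so a response that carries the header twice can still be sniffed. Function names are hypothetical, the sample paths and responses are constructed, and quoted-string handling in header values is left out as a simplification.

```python
"""Audit raw HTTP response headers for an effective nosniff directive."""


def header_values(raw_headers: str, name: str) -> list[str]:
    """Collect every value of `name` (case-insensitive), split on commas."""
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == name.lower():
            values.extend(v.strip(" \t") for v in value.split(","))
    return values


def is_nosniff(raw_headers: str) -> bool:
    """Mirror the Fetch rule: only the first listed value is considered."""
    values = header_values(raw_headers, "X-Content-Type-Options")
    return bool(values) and values[0].lower() == "nosniff"


def audit(responses: dict[str, str]) -> list[str]:
    """Return the paths whose responses lack an effective nosniff header."""
    return [path for path, raw in responses.items() if not is_nosniff(raw)]


# Constructed sample responses for files under /images (not real captures).
SAMPLES = {
    "/images/a/ab/Example.png":
        "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n",
    "/images/b/bc/Upload.svg":  # header missing entirely
        "HTTP/1.1 200 OK\r\nContent-Type: image/svg+xml\r\n\r\n",
    "/images/c/cd/Mixed.jpg":  # header name and value match case-insensitively
        "HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
        "x-content-type-options: NoSniff\r\n\r\n",
    "/images/d/de/Dup.gif":  # two layers each emit a value; the first one wins
        "HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n"
        "X-Content-Type-Options: none\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n",
}

if __name__ == "__main__":
    for path in audit(SAMPLES):
        print("missing or ineffective nosniff:", path)
```
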