
Discuz / DiscuzX

Merged
!336 Fix program errors under strict security settings caused by incorrect MIME type settings

老周部落:PR_Fix_Mime_Type_Error Discuz:master

老周部落 Created on: 2020-01-06 00:33
Defect/BUG
Reviewers: discuzx, zoewho, 3dming, lootan, comsenzdiscuz, oldhuhu
Tester: oldhuhu

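Resources on the Internet come in many types, and browsers usually tell them apart by the Content-Type field of the response header. For example, text/html denotes an HTML document, image/png is a PNG image, and text/css is a CSS stylesheet.

However, some resources within the Discuz! system have a wrong or undefined Content-Type. In that case, some browsers enable MIME-Sniffing to guess the resource's type, then parse the content and execute it.

Some CDNs or security policies, for the sake of system security, prohibit MIME-Sniffing (X-Content-Type-Options: nosniff). Features whose MIME type is set incorrectly then cannot be executed normally, causing Discuz! program errors.

This PR adds the relevant header to the files found to need a MIME type header.

Related issues: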
https://gitee.com/ComsenzDiscuz/DiscuzX/issues/I17UYE
https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IKKGE
https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IE9AW
https://gitee.com/ComsenzDiscuz/DiscuzX/issues/ID8TQ
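
The failure mode described above can be audited from captured response headers. The following is an added example, not code from this PR or from Discuz!: it applies the nosniff blocking rule from the WHATWG Fetch standard to script and style loads. The URLs and sample responses are constructed, and the function names are hypothetical.

```python
# Added example: flag responses a browser refuses once nosniff is in force.
# JavaScript MIME types as listed in the WHATWG MIME Sniffing standard.
JS_MIME_TYPES = {
    "application/ecmascript", "application/javascript",
    "application/x-ecmascript", "application/x-javascript",
    "text/ecmascript", "text/javascript", "text/javascript1.0",
    "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
    "text/javascript1.4", "text/javascript1.5", "text/jscript",
    "text/livescript", "text/x-ecmascript", "text/x-javascript",
}

def essence(content_type):
    """Lowercase type/subtype without parameters; None if missing or malformed."""
    if not content_type:
        return None
    value = content_type.split(";", 1)[0].strip().lower()
    parts = value.split("/")
    return value if len(parts) == 2 and all(parts) else None

def blocked_by_nosniff(headers, destination):
    """True if a response loaded as 'script' or 'style' is refused under nosniff."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the first comma-separated value of the header is considered.
    directive = h.get("x-content-type-options", "").split(",")[0].strip().lower()
    if directive != "nosniff":
        return False  # sniffing still allowed, so nosniff blocks nothing
    mime = essence(h.get("content-type"))
    if destination == "script":
        return mime not in JS_MIME_TYPES
    if destination == "style":
        return mime != "text/css"
    return False

def audit(responses):
    """Return the URLs that would stop working under nosniff."""
    return [url for url, dest, hdrs in responses if blocked_by_nosniff(hdrs, dest)]

NOSNIFF = {"X-Content-Type-Options": "nosniff"}
# Constructed sample responses; paths are hypothetical, not Discuz! files.
SAMPLE = [
    ("/example/stats.php", "script", {**NOSNIFF, "Content-Type": "text/html; charset=utf-8"}),
    ("/example/app.js", "script", {**NOSNIFF, "Content-Type": "application/javascript"}),
    ("/example/theme.php", "style", dict(NOSNIFF)),  # no Content-Type at all
    ("/example/legacy.php", "script", {"Content-Type": "text/html"}),
    ("/example/style.css", "style", {"x-content-type-options": "NoSniff", "Content-Type": "Text/CSS; charset=utf-8"}),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```
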

1 comment, 2 participants (laozhoubuluo)

oldhuhu merged Pull Request 2020-01-14 17:24
oldhuhu test passed 2020-01-14 17:24
oldhuhu check passed 2020-01-14 17:24
老周部落 push code 2020-01-08 23:25
老周部落 push code 2020-01-08 23:16
老周部落 push code 2020-01-07 06:16
老周部落 push code 2020-01-06 01:12
老周部落 assigned tester oldhuhu 2020-01-06 00:33
老周部落 assigned reviewer 湖中沉 2020-01-06 00:33
老周部落 assigned reviewer oldhuhu 2020-01-06 00:33
老周部落 assigned reviewer monkeye 2020-01-06 00:33
老周部落 assigned reviewer Discuz! 2020-01-06 00:33
老周部落 assigned reviewer LooTan 2020-01-06 00:33
老周部落 assigned reviewer comsenz-service 2020-01-06 00:33
老周部落 assigned reviewer DiscuzX 2020-01-06 00:33
老周部落 set priority to Secondary 2020-01-06 00:33
老周部落 added label bug 2020-01-06 00:33