add centralization comments
diff --git
a/report/v11_httpsec.tex
b/report/v11_httpsec.tex
index
4fb8da8
..
1b0cc4f
100644
(file)
--- a/
report/v11_httpsec.tex
+++ b/
report/v11_httpsec.tex
@@
-18,7
+18,7
@@
Verify that every \HTTP{} response contains a
content type header specifying a safe character set
(e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}).
\begin{result}
content type header specifying a safe character set
(e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}).
\begin{result}
- Content type headers may be set anywhere in the application. Furthermure,
+ Content type headers may be set anywhere in the application. Furthermure,
\\
\code{Response::send} ensures that if no content type header is set, all
responses will fall back to using \code{text/html; charset=UTF-8}.
\end{result}
\code{Response::send} ensures that if no content type header is set, all
responses will fall back to using \code{text/html; charset=UTF-8}.
\end{result}
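Review bot: the spelling error "Furthermure" in the removed line is carried over unchanged into the added line; since this line is being touched anyway, correct it to "Furthermore," in the same edit. As shown, the removed and added lines read identically, so the hunk appears to change only whitespace or the line break that follows (`\\`); a forced line break right after "Furthermure," inside a `result` environment is unusual and probably unintended, so consider dropping the `\\` and letting the paragraph wrap.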
@@
-37,7
+37,8
@@
viewed in a 3rd-party X-Frame.
\begin{result}
The application will never supply an \code{X-FRAME-OPTIONS} header. While
this is not really a problem for the home page, a 3rd party X-Frame should
\begin{result}
The application will never supply an \code{X-FRAME-OPTIONS} header. While
this is not really a problem for the home page, a 3rd party X-Frame should
- not be able to refer to the administrative interfaces of the application.
+ not be able to refer to the administrative interfaces of the application
+ and this should be fixed.
\end{result}
\item\pass{}
\end{result}
\item\pass{}
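Review bot: the added sentence "and this should be fixed." leaves the finding without a concrete recommendation; a verification report should state the remediation, for example that the administrative interfaces (at minimum) must send an `X-Frame-Options` header set to `DENY` or `SAMEORIGIN`, so the reader knows what change closes the item. Minor style point in the same hunk: the header is spelled `X-FRAME-OPTIONS` in the `\code{}` while the canonical spelling is `X-Frame-Options`, and "3rd party X-Frame" would read more precisely as framing by a third-party page.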