repositories / ssproject1617.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'reflection_development' of gitlab.science.ru.nl:kuhnen/ssproject1617
[ssproject1617.git] / report / v11_httpsec.tex
diff --git a/report/v11_httpsec.tex b/report/v11_httpsec.tex
index 4fb8da8..1b0cc4f 100644 (file)
--- a/report/v11_httpsec.tex
+++ b/report/v11_httpsec.tex
@@ -18,7 +18,7 @@ Verify that every \HTTP{} response contains a
 content type header specifying a safe character set
 (e.g., \emph{UTF-8}, \emph{ISO 8859{-}1}).
 \begin{result}
-    Content type headers may be set anywhere in the application. Furthermure,
+    Content type headers may be set anywhere in the application. Furthermure,\\
     \code{Response::send} ensures that if no content type header is set, all
     responses will fall back to using \code{text/html; charset=UTF-8}.
 \end{result}
@@ -37,7 +37,8 @@ viewed in a 3rd-party X-Frame.
 \begin{result}
     The application will never supply an \code{X-FRAME-OPTIONS} header. While
     this is not really a problem for the home page, a 3rd party X-Frame should
-    not be able to refer to the administrative interfaces of the application.
+    not be able to refer to the administrative interfaces of the application
+    and this should be fixed.
 \end{result}
 
 \item\pass{}