  1. Imaging
  2. MGNLIMG-225

Can't see image


    • Type: Bug
    • Resolution: Obsolete
    • Priority: Major

      Hi,

       

      Our security team is telling us that we have to add the following header to our Apache:

      “X-Content-Options: nosniff”

      After we added this header, certain image URLs were no longer working, specifically those images that were uploaded as jpg vs jpeg. That is because image/jpg is not a valid content type while image/jpeg is.

      Looking at the following, the issue was identified, but doesn't seem to have been updated:

      https://jira.magnolia-cms.com/browse/MGNLIMG-177

       

      It seems this code is still outputting the content type based on properties from the JCR:

          final String contentType;
          try {
              contentType = binary.getParent().getProperty(FileProperties.PROPERTY_CONTENTTYPE).getString();
          } catch (RepositoryException e) {
              throw new IllegalStateException("Can't get content-type from " + binary);
          }
          imageResponse.setMediaType(MediaType.parse(contentType));

       

      While the image does render from the servlet, this is causing for content type determination.
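
An added example (not part of the report and not Magnolia code): one way a servlet could avoid emitting an unregistered type such as image/jpg, by resolving the response type from the file's leading bytes and falling back to a normalised form of the stored value. The class name, method names and alias table are assumptions, and the sample bytes are constructed.

```java
import java.util.Locale;
import java.util.Map;

// Added example; class and method names are hypothetical, not Magnolia code.
public final class ImageContentType {
    static final String FALLBACK = "application/octet-stream";

    // Unregistered aliases found in stored metadata -> registered IANA type.
    private static final Map<String, String> ALIASES = Map.of(
            "image/jpg", "image/jpeg",
            "image/pjpeg", "image/jpeg",
            "image/x-png", "image/png");

    // Identify the format from leading magic bytes; null if unrecognised.
    static String sniff(byte[] h) {
        if (startsWith(h, 0xFF, 0xD8, 0xFF)) return "image/jpeg";
        if (startsWith(h, 0x89, 'P', 'N', 'G')) return "image/png";
        if (startsWith(h, 'G', 'I', 'F', '8')) return "image/gif";
        return null;
    }

    private static boolean startsWith(byte[] h, int... sig) {
        if (h == null || h.length < sig.length) return false;
        for (int i = 0; i < sig.length; i++) {
            if ((h[i] & 0xFF) != sig[i]) return false;
        }
        return true;
    }

    // Server-side decision: bytes win, then the normalised stored value.
    static String resolve(String stored, byte[] head) {
        String sniffed = sniff(head);
        if (sniffed != null) return sniffed;
        if (stored == null) return FALLBACK;
        String t = stored.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        t = ALIASES.getOrDefault(t, t);
        return t.startsWith("image/") ? t : FALLBACK;
    }

    public static void main(String[] args) {
        // Constructed samples: JPEG magic bytes, then an unrecognised header.
        byte[] jpeg = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, (byte) 0xE0};
        byte[] other = {0x00, 0x01, 0x02, 0x03};
        System.out.println(resolve("image/jpg", jpeg));
        System.out.println(resolve("image/jpg", other));
        System.out.println(resolve("text/html", other));
    }
}
```

Because the browser no longer guesses once nosniff is set, the value returned here is the only type the client will act on, so anything that is not a recognised image falls back to application/octet-stream rather than passing stored metadata through unchecked.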

       


              jnodarse Julian Nodarse
              jshankle John Shankle
              Jason Wood, Julie Liu, Nat Guyton
              Estimated: Not Specified
              Remaining: 0d
              Logged: 1h