Add content type headers to raw KV responses #10023
🤔 This PR has changes in the |
LGTM
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/350888. |
🍒✅ Cherry pick of commit 9f7190a onto |
Add content type headers to raw KV responses
CVE-2020-25864
A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that a specially crafted KV entry could be used to perform an XSS attack when viewed in the raw mode.
This PR adds content-type headers to raw KV responses to prevent that attack.
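The effect of the missing header can be reproduced with Go's standard library alone. The following is an added example, not code from this PR or from Consul: the handler names, the in-memory `store`, the sample key and value, and the specific header values are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// store is a constructed stand-in for a KV backend; the key and value are sample data.
var store = map[string][]byte{
	"web/banner": []byte("<html><body><b>constructed sample value</b></body></html>"),
}

// rawUnsafe writes the stored bytes with no Content-Type. net/http then
// sniffs the body (http.DetectContentType) and labels this value text/html.
func rawUnsafe(w http.ResponseWriter, r *http.Request) {
	v, ok := store[r.URL.Query().Get("key")]
	if !ok {
		http.NotFound(w, r)
		return
	}
	w.Write(v)
}

// rawHardened pins the type before writing and tells the browser not to sniff.
// Header values are this example's choice (an assumption), not copied from the PR.
func rawHardened(w http.ResponseWriter, r *http.Request) {
	v, ok := store[r.URL.Query().Get("key")]
	if !ok {
		http.NotFound(w, r)
		return
	}
	h := w.Header()
	h.Set("Content-Type", "text/plain; charset=utf-8")
	h.Set("X-Content-Type-Options", "nosniff")
	h.Set("Content-Security-Policy", "sandbox")
	w.Write(v)
}

// contentTypeOf runs a handler against the sample key and returns the response Content-Type.
func contentTypeOf(h http.HandlerFunc) string {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/raw?key=web/banner", nil))
	return rec.Result().Header.Get("Content-Type")
}

func main() {
	fmt.Println("unsafe:", contentTypeOf(rawUnsafe), "| hardened:", contentTypeOf(rawHardened))
}
```

A regression test for a raw endpoint can assert on the response headers in the same way, so that a later refactor cannot silently drop them.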