Merge pull request #47758 from sled/security/set-content-type-charset
Set charset in content type response headers (OWASP)
commit
acd8fd142d
@ -233,7 +233,7 @@ def respond_to_invalid_request
|
||||
|
||||
logger.error invalid_request_message
|
||||
logger.info finished_request_message
|
||||
[ 404, { "Content-Type" => "text/plain" }, [ "Page not found" ] ]
|
||||
[ 404, { "Content-Type" => "text/plain; charset=utf-8" }, [ "Page not found" ] ]
|
||||
end
|
||||
|
||||
# Tags are declared in the server but computed in the connection. This allows us per-connection tailored tags.
|
||||
|
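Review bot: The charset is hard-coded as `utf-8` in this return value, and again in the redirect_to, render_exception and redirect_to_https hunks, while the render_details and build_response hunks interpolate `ActionDispatch::Response.default_charset`. For the fixed ASCII bodies the label is accurate either way, but redirect_to_https sends `@redirect[:body]`, which appears to be supplied by the application, so a literal `utf-8` could mislabel that body when a different default charset is configured. I would either use `"text/html; charset=#{ActionDispatch::Response.default_charset}"` in redirect_to_https or add a comment such as `# Body is a fixed ASCII literal, so utf-8 is always a correct label.` beside the literals that stay. respond_to_invalid_request begins above this hunk.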
@ -32,7 +32,7 @@ def redirect_to(location)
|
||||
if uri.relative? || uri.scheme == "http" || uri.scheme == "https"
|
||||
body = ""
|
||||
else
|
||||
return [400, { "Content-Type" => "text/plain" }, ["Invalid redirection URI"]]
|
||||
return [400, { "Content-Type" => "text/plain; charset=utf-8" }, ["Invalid redirection URI"]]
|
||||
end
|
||||
|
||||
[302, {
|
||||
|
@ -97,7 +97,8 @@ def render_details(req)
|
||||
msg << "\n#{info[:backtrace].join("\n")}\n" if info[:backtrace]
|
||||
end.join("\n\n---\n\n\n")
|
||||
|
||||
[200, { "Content-Type" => "text/plain", "Content-Length" => str.size }, [str]]
|
||||
[200, { "Content-Type" => "text/plain; charset=#{ActionDispatch::Response.default_charset}",
|
||||
"Content-Length" => str.size }, [str]]
|
||||
end
|
||||
|
||||
def blocked_by?(victim, blocker, all_threads)
|
||||
|
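Review bot: `"Content-Length" => str.size` on the new header line counts characters rather than bytes, and it passes an Integer where the build_response hunk passes a String. Now that the response declares a charset, a backtrace line containing multibyte characters would make the declared length shorter than the body actually sent, which clients or intermediaries may truncate or misframe. I would write `"Content-Length" => str.bytesize.to_s`. The build_response hunk has the same character-count pattern in `body.length.to_s`, although `body` is built outside that hunk, so whether it can hold non-ASCII text is not visible here. render_details starts above this hunk.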
@ -48,7 +48,7 @@ def render_exception(request, exception)
|
||||
rescue Exception => failsafe_error
|
||||
$stderr.puts "Error during failsafe response: #{failsafe_error}\n #{failsafe_error.backtrace * "\n "}"
|
||||
|
||||
[500, { "Content-Type" => "text/plain" },
|
||||
[500, { "Content-Type" => "text/plain; charset=utf-8" },
|
||||
["500 Internal Server Error\n" \
|
||||
"If you are the administrator of this website, then please read this web " \
|
||||
"application's log file and/or the web server's log file to find out what " \
|
||||
|
@ -129,7 +129,7 @@ def flag_cookies_as_secure!(headers)
|
||||
|
||||
def redirect_to_https(request)
|
||||
[ @redirect.fetch(:status, redirection_status(request)),
|
||||
{ "Content-Type" => "text/html",
|
||||
{ "Content-Type" => "text/html; charset=utf-8",
|
||||
"Location" => https_location_for(request) },
|
||||
(@redirect[:body] || []) ]
|
||||
end
|
||||
|
@ -51,7 +51,7 @@ def build_response(req)
|
||||
|
||||
headers = {
|
||||
"Location" => uri.to_s,
|
||||
"Content-Type" => "text/html",
|
||||
"Content-Type" => "text/html; charset=#{ActionDispatch::Response.default_charset}",
|
||||
"Content-Length" => body.length.to_s
|
||||
}
|
||||
|
||||
|