Impact of setting glide.security.header.auto_set_x_content_type_options property

Ethan Davies
Mega Sage

Hey all,

I have been looking into some of the Instance Hardening properties and came across the recommendation to set the glide.security.header.auto_set_x_content_type_options to true. As I understand it, setting this to TRUE will help mitigate the risk of MIME Confusion attacks by requiring the Content Type to be specified in the HTTPS Response.

I am trying to understand the impact of enabling this in an environment where there are existing integrations inbound and outbound, both SOAP and REST. What are your experiences in enabling this property and are there any big risks or foreseen impacts that come to mind?

Thanks,

Ethan

6 REPLIES

J McMillan
Tera Expert

@Ethan Davies very curious if you got an answer to this question anywhere else? My team is also looking into this setting due to a recommendation from a security tool.

Thanks, Jeff

@Ethan Davies and @J McMillan Did either of you receive any feedback on this? Seeking to understand the impact. Thanks

I did not - we did not end up changing the property in the end. It is something you can probably raise a NowSupport ticket for though, I am sure they will give you an answer.

Thanks so much!
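For readers assessing the impact question raised in this thread, here is an added example (not part of the thread and not ServiceNow code) that models how a browser applies `X-Content-Type-Options: nosniff`, following the "blocked due to nosniff" check in the WHATWG Fetch standard. The sample URLs and headers are constructed; running the same check over response headers captured from your own pages shows which script or stylesheet loads would start failing.

```javascript
// Added example: models the WHATWG Fetch "blocked due to nosniff" check.
// Sample responses and paths below are constructed, not from a real instance.
const JS_MIME = new Set([
  "application/ecmascript", "application/javascript", "application/x-ecmascript",
  "application/x-javascript", "text/ecmascript", "text/javascript",
  "text/javascript1.0", "text/javascript1.1", "text/javascript1.2",
  "text/javascript1.3", "text/javascript1.4", "text/javascript1.5",
  "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);
const SCRIPT_LIKE = new Set([
  "audioworklet", "paintworklet", "script", "serviceworker", "sharedworker", "worker",
]);

// Header lookup is case-insensitive; returns "" when the header is absent.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? "" : String(headers[key]);
}

// Returns "blocked" or "allowed" for a response loaded for `destination`
// ("script", "style", or "" for fetch/XHR requests).
function nosniffVerdict(headers, destination) {
  const first = header(headers, "x-content-type-options").split(",")[0].trim();
  if (first.toLowerCase() !== "nosniff") return "allowed";
  const essence = header(headers, "content-type").split(";")[0].trim().toLowerCase();
  if (SCRIPT_LIKE.has(destination) && !JS_MIME.has(essence)) return "blocked";
  if (destination === "style" && essence !== "text/css") return "blocked";
  return "allowed";
}

// Constructed samples covering JSON via fetch, mislabelled script, correct
// stylesheet, script with no Content-Type, and a response without the header.
const samples = [
  { url: "/api/example/table", dest: "", headers: { "Content-Type": "application/json", "X-Content-Type-Options": "nosniff" } },
  { url: "/scripts/widget.js", dest: "script", headers: { "Content-Type": "text/plain", "X-Content-Type-Options": "nosniff" } },
  { url: "/styles/theme.css", dest: "style", headers: { "content-type": "text/css; charset=utf-8", "x-content-type-options": "NoSniff" } },
  { url: "/scripts/legacy.js", dest: "script", headers: { "X-Content-Type-Options": "nosniff" } },
  { url: "/scripts/old.js", dest: "script", headers: { "Content-Type": "text/plain" } },
];

// URLs a browser would refuse to load under the nosniff check.
function blockedUrls(list) {
  return list.filter((s) => nosniffVerdict(s.headers, s.dest) === "blocked").map((s) => s.url);
}

console.log(blockedUrls(samples));
```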