Class ContentTypeOptionsConfig
java.lang.Object
io.camunda.security.configuration.headers.ContentTypeOptionsConfig
Configures the X-Content-Type-Options header to prevent MIME type sniffing attacks.
The X-Content-Type-Options header prevents browsers from MIME-sniffing a response away from the declared Content-Type. When enabled (default state), it sets the header value to 'nosniff', which instructs browsers to strictly follow the Content-Type header provided by the server.
This prevents several security vulnerabilities:
- Malicious JavaScript execution when browsers misinterpret file types
- XSS attacks through polyglot files (files valid as multiple MIME types)
- Drive-by downloads where browsers execute disguised malicious content

With 'nosniff' enabled:
- Scripts must be served with correct JavaScript MIME types
- Stylesheets must be served with text/css
- Browsers won't try to "guess" the content type
Constructor Details
ContentTypeOptionsConfig
public ContentTypeOptionsConfig()
Method Details
isEnabled
public boolean isEnabled()
setEnabled
public void setEnabled(boolean enabled)
isDisabled
public boolean isDisabled()