You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Files served with Content-Disposition: inline create a serious security issue when any form of authentication in browser gets implemented. For example, a html file can run javascript on the same origin, as API endpoints and make use o user's credentials. We can't be sure, that only files with Content-Type: text/html create that issue, as it is not standarized to my knowlege and depends on browser implementation.
The text was updated successfully, but these errors were encountered:
Files served with
Content-Disposition: inlinecreate a serious security issue when any form of authentication in browser gets implemented. For example, a html file can run javascript on the same origin, as API endpoints and make use o user's credentials. We can't be sure, that only files withContent-Type: text/htmlcreate that issue, as it is not standarized to my knowlege and depends on browser implementation.The text was updated successfully, but these errors were encountered: