Hi! After updating to Joomla 3.0.3 we see this post installation message:
++++++++++++++++++
Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
Changes for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
++++++++++++++++++++++
Is this 'nosniff' option also added when we use the .htaccess maker in AdminTools?
Should we resave the .htaccess file using AdminTools after this Joomla update?
Or should we do something else? Or just ignore this?
Kind regards,
Jip
++++++++++++++++++
Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically.
Changes for .htaccess
Add the following lines before "## Mod_rewrite in use.":
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
++++++++++++++++++++++
Is this 'nosniff' option also added when we use the .htaccess maker in AdminTools?
Should we resave the .htaccess file using AdminTools after this Joomla update?
Or should we do something else? Or just ignore this?
Kind regards,
Jip
