I have run Zap scanning tool on my Grafana Project. we are using grafana 6.7.3 version.
Zap has reported X-Content-Type-Options Header Missing alert. Below is detail of Alert -
| Low (Medium) | X-Content-Type-Options Header Missing |
|---|---|
| Description | The Anti-MIME-Sniffing header X-Content-Type-Options was not set to ‘nosniff’. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing. |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/img/grafana_mask_icon.svg |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/fonts/grafana-icons.ttf?okx5td |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/build/angular~app.6e0e26a4129f9f25ab6d.js |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/build/vendors~app.6e0e26a4129f9f25ab6d.js |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match=condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/dashboards/tags |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/search?<search-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/build/grafana.light.6e0e26a4129f9f25ab6d.css |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/build/default~DashboardPage~SoloPanelPage.6e0e26a4129f9f25ab6d.js |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/img/fav32.png |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/query_range?<query-range> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/fonts/icons/ericsson-icons.ttf?hjv3kp |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/public/build/runtime.6e0e26a4129f9f25ab6d.js |
| Method | GET |
| Parameter | X-Content-Type-Options |
| URL | http://<IpAddress>/api/datasources/proxy/1/api/v1/series?<match-condition> |
| Method | GET |
| Parameter | X-Content-Type-Options |
| Instances | 139 |
Could you please let me know the resolution for the same.
Regards,
Abhimanyu