~txaws-dev/txaws/trunk

Viewing all changes in revision 156.

Merged xss-hardening [r=fcorrea] [f=1211805,1211810].

Based on Chris' branch lp:~tribaal/txaws/xss-hardening, drops the cgi.escape as json content shoudn't be escaped.

It also adds the "X-Content-Type-Options: nosniff" header, to prevent browsers from guessing the content type, and use the one declared in the response (application/json).

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: