Our client is using Acunetix as their web application scanner - to find security vulnerabilities. One of the findings is about the Telerik.Web.UI.WebResource.axd. Details of the Acunetix below. How can we resolve this? Thanks!
Acunetix: Content type is not specified
Description
This page does not set a Content-Type header value. This value informs the browser what kind of data to expect. If this
header is missing, the browser may incorrectly handle the data. This could lead to security problems.
/Telerik.Web.UI.WebResource.axd
Recommendation
Set a Content-Type header value for this page
Acunetix: Content type is not specified
Description
This page does not set a Content-Type header value. This value informs the browser what kind of data to expect. If this
header is missing, the browser may incorrectly handle the data. This could lead to security problems.
/Telerik.Web.UI.WebResource.axd
Recommendation
Set a Content-Type header value for this page
1 Answer, 1 is accepted
0
Hi Almin,
Using Telerik Fiddler to investigate all web requests from the browser, I am unable to find any specific request through the WebResource.axd handler that is sent with no content-type header. You can see the results on my end with this screencast.
If this is a behavior that occurs due to a specific ASP.NET or Telerik control configuration, please provide more details about the exact scenario with which the scenario could be recreated locally.
Also, I suggest investigating the requests using fiddler to verify the exact headers of the requests.
Regards,
Ianko
Telerik
Using Telerik Fiddler to investigate all web requests from the browser, I am unable to find any specific request through the WebResource.axd handler that is sent with no content-type header. You can see the results on my end with this screencast.
If this is a behavior that occurs due to a specific ASP.NET or Telerik control configuration, please provide more details about the exact scenario with which the scenario could be recreated locally.
Also, I suggest investigating the requests using fiddler to verify the exact headers of the requests.
Regards,
Ianko
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.