SLING-5092 - Missing Content type for system/console/slinglog/tailer.txt git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1723004 13f79535-47bb-0310-9956-ffa450edef68

commit: f96b4bbf70182cd73e953a7e7a1155b4a63ea6cb [log] [tgz]
author: Chetan Mehrotra <chetanm@apache.org> Tue Jan 05 05:17:11 2016 +0000
committer: Chetan Mehrotra <chetanm@apache.org> Tue Jan 05 05:17:11 2016 +0000
tree: b6caac81af09ca4361233e8355a1c1c672d58acf
parent: e3696000dda53cb47d1d8d37e06bb234074a19a6 [diff]
diff --git a/src/main/java/org/apache/sling/commons/log/logback/internal/SlingLogPanel.java b/src/main/java/org/apache/sling/commons/log/logback/internal/SlingLogPanel.java
index ac67b3f..9f637fb 100644
--- a/src/main/java/org/apache/sling/commons/log/logback/internal/SlingLogPanel.java
+++ b/src/main/java/org/apache/sling/commons/log/logback/internal/SlingLogPanel.java

@@ -134,6 +134,7 @@
         if (req.getPathInfo() != null) {
             if (req.getPathInfo().endsWith(PATH_TAILER)){
                 String appenderName = req.getParameter(PARAM_APPENDER_NAME);
+                addNoSniffHeader(resp);
                 if (appenderName == null){
                     pw.printf("Provide appender name via [%s] request parameter%n", PARAM_APPENDER_NAME);
                     return;
@@ -857,6 +858,9 @@
         return (path != null) ? path : "[stdout]";
     }
 
+    private static void addNoSniffHeader(HttpServletResponse resp) {
+        resp.setHeader("X-Content-Type-Options", "nosniff");
+    }
 
     // ~------------------------------------------------Status Manager
     // Based on ch.qos.logback.core.status.ViewStatusMessagesServletBase

diff --git a/src/test/java/org/apache/sling/commons/log/logback/integration/ITWebConsoleRemote.java b/src/test/java/org/apache/sling/commons/log/logback/integration/ITWebConsoleRemote.java
index 25e76b5..b64be25 100644
--- a/src/test/java/org/apache/sling/commons/log/logback/integration/ITWebConsoleRemote.java
+++ b/src/test/java/org/apache/sling/commons/log/logback/integration/ITWebConsoleRemote.java

@@ -23,6 +23,7 @@
 import java.io.IOException;
 
 import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.Page;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import org.apache.commons.io.FilenameUtils;
@@ -38,6 +39,7 @@
 import org.ops4j.pax.tinybundles.core.TinyBundle;
 import org.osgi.framework.Constants;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.ops4j.pax.exam.CoreOptions.composite;
 import static org.ops4j.pax.exam.CoreOptions.frameworkProperty;
@@ -134,6 +136,13 @@
         assertTrue(text.contains("testremote.log"));
     }
 
+    @Test
+    public void tailerHeader() throws Exception{
+        Page page = webClient.getPage(prepareUrl("slinglog/tailer.txt?name=webconsoletest1.log"));
+        String nosniffHeader = page.getWebResponse().getResponseHeaderValue("X-Content-Type-Options");
+        assertEquals("nosniff", nosniffHeader);
+    }
+
     @AfterClass
     public static void tearDownClass() {
         if (testContainer != null) {
commit	f96b4bbf70182cd73e953a7e7a1155b4a63ea6cb	[log] [tgz]
author	Chetan Mehrotra <chetanm@apache.org>	Tue Jan 05 05:17:11 2016 +0000
committer	Chetan Mehrotra <chetanm@apache.org>	Tue Jan 05 05:17:11 2016 +0000
tree	b6caac81af09ca4361233e8355a1c1c672d58acf
parent	e3696000dda53cb47d1d8d37e06bb234074a19a6 [diff]