Title:
HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11
Status/Resolution/Reason: Closed/Fixed/Fixed
Reporter/Name(from Bugbase): Chris D / Chris D ()
Created: 12/15/2017
Components: Administrator
Versions: 2016,11.0,2018
Failure Type: Usability Issue
Found In Build/Fixed In Build: CF 2016 Update 5 / 314554
Priority/Frequency: Normal / All users will encounter
Locale/System: / Win 2016
Vote Count: 0
Problem Description: Adding the HTML security header:
X-Content-Type-Options: nosniff
will prevent Internet Explorer 11 from rendering various icons in the ColdFusion Administrator.
Evidently, these icons are of type "PNG" but have been renamed and referenced as type "GIF".
Example file: /CFIDE/administrator/images/idelete.gif, which shows up as idelete_gif.png when attempting to save the image
Steps to Reproduce:
1. Add security header: "X-Content-Type-Options" with value "nosniff" to IIS site.
2. Log on to CF admin (https://127.0.0.1/CFIDE/administrator) using Internet Explorer 11
3. Go to the Data Sources section.
4. Observe that the Edit, Verify, Delete icons do not appear.
Actual Result:
Various ".gif" icons do not appear in the ColdFusion administrator
Expected Result:
These icons should appear.
Any Workarounds:
Remove the security header "X-Content-Type-Options: nosniff" for the IIS site configured for CF Admin.
Attachments:
Comments:
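
The report traces the missing icons to PNG data stored under a ".gif" name. The following is an added example, not part of the original report or of ColdFusion itself, that finds such files by comparing each file's leading magic bytes with the type implied by its extension. The function names and the constructed sample tree are assumptions; point find_mismatches at the real images directory to audit an installation.

```python
import os
import tempfile

# Magic bytes -> image type; extension -> type a server would declare.
MAGIC = [(b"\x89PNG\r\n\x1a\n", "png"), (b"GIF87a", "gif"), (b"GIF89a", "gif")]
EXT_TYPE = {".png": "png", ".gif": "gif"}


def sniff(path):
    """Return the image type indicated by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for magic, kind in MAGIC if head.startswith(magic)), None)


def find_mismatches(root):
    """Return sorted (relative path, declared, actual) for mismatched images."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            declared = EXT_TYPE.get(os.path.splitext(name)[1].lower())
            full = os.path.join(dirpath, name)
            if declared is None or sniff(full) == declared:
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            found.append((rel, declared, sniff(full) or "unknown"))
    return sorted(found)


def demo():
    """Scan a constructed sample tree (file contents are made-up headers)."""
    samples = {
        "images/idelete.gif": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,  # PNG data, .gif name
        "images/iedit.gif": b"GIF89a" + b"\x00" * 8,               # genuine GIF header
        "images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,     # genuine PNG header
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_mismatches(root)


if __name__ == "__main__":
    for rel, declared, actual in demo():
        print(f"{rel}: extension says {declared}, content is {actual}")
```

Files reported here can be re-encoded or renamed so that extension and content agree, which lets the "X-Content-Type-Options: nosniff" header stay enabled.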