Merge remote-tracking branch 'origin/support/2.7' into support/3.0

# Conflicts: # application/ajaxwebpage.class.inc.php # application/webpage.class.inc.php # application/xmlpage.class.inc.php # core/config.class.inc.php
2026-02-12 23:14:18 +01:00 · 2024-01-05 10:58:51 +01:00
parent 6042e7f74d a4f6f6e877
commit 48c4e2d13d
4 changed files with 52 additions and 5 deletions
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -1531,6 +1531,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false,
 		],
+		'security.enable_header_xcontent_type_options' => [
+			'type' => 'bool',
+			'description' => 'If set to false, iTop will stop sending the X-Content-Type-Options HTTP header. This header could trigger CORB protection on certain resources (JSON, XML, HTML, text) therefore blocking them.',
+			'default' => true,
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		],
 		'security.disable_inline_documents_sandbox' => [
 			'type' => 'bool',
 			'description' => 'If true then the sandbox for documents displayed in a browser tab will be disabled; enabling scripts and other interactive content. Note that setting this to true will open the application to potential XSS attacks!',