This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository
https://gitbox.apache.org/repos/asf/ofbiz-framework.gitThe following commit(s) were added to refs/heads/trunk by this push:
new bd1b8a8 Improved: type="text/css" was missing on a call to <<link rel="stylesheet/less>>
bd1b8a8 is described below
commit bd1b8a882d4c497ec9138ea85e1144be33cc4ac6
Author: Jacques Le Roux <
[hidden email]>
AuthorDate: Thu Mar 26 12:12:37 2020 +0100
Improved: type="text/css" was missing on a call to <<link rel="stylesheet/less>>
This was reported by OWASP ZAP: "The Content-Type header is missing or empty."
Considered a low vulnerability
---
themes/rainbowstone/template/includes/Header.ftl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/themes/rainbowstone/template/includes/Header.ftl b/themes/rainbowstone/template/includes/Header.ftl
index bb1ad5e..3daa2da 100644
--- a/themes/rainbowstone/template/includes/Header.ftl
+++ b/themes/rainbowstone/template/includes/Header.ftl
@@ -42,7 +42,7 @@ under the License.
<link rel="stylesheet/less" href="<@ofbizContentUrl>${StringUtil.wrapString(styleSheet)}</@ofbizContentUrl>" type="text/css"/>
</#list>
</#if>
- <link rel="stylesheet/less" href="<@ofbizContentUrl>/rainbowstone/${visualTheme.visualThemeId?replace("_","-")?lower_case}.less</@ofbizContentUrl>"/>
+ <link rel="stylesheet/less" href="<@ofbizContentUrl>/rainbowstone/${visualTheme.visualThemeId?replace("_","-")?lower_case}.less</@ofbizContentUrl>" type="text/css"/>
<#if layoutSettings.VT_HDR_JAVASCRIPT?has_content>
<#list layoutSettings.VT_HDR_JAVASCRIPT as javaScript>
<script src="<@ofbizContentUrl>${StringUtil.wrapString(javaScript)}</@ofbizContentUrl>" type="application/javascript"></script>
Locked
