HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11
Failure Type: Usability Issue
Found In Build/Fixed In Build: CF 2016 Update 5 / 314554
Priority/Frequency: Normal / All users will encounter
Locale/System: / Win 2016
Vote Count: 0
Problem Description: Adding the HTML security header "X-Content-Type-Options: nosniff" will prevent Internet Explorer 11 from rendering various icons in the ColdFusion Administrator. Evidently, these icons are of type "PNG" but have been renamed and referenced as type "GIF". Example file: /CFIDE/administrator/images/idelete.gif, which shows up as idelete_gif.png when you attempt to save the image.
Steps to Reproduce:
1. Add security header "X-Content-Type-Options" with value "nosniff" to the IIS site.
2. Log on to CF admin (https://127.0.0.1/CFIDE/administrator) using Internet Explorer 11.
3. Go to the Data Sources section.
4. Observe that the Edit, Verify, Delete icons do not appear.
Actual Result: Various ".gif" icons do not appear in the ColdFusion Administrator.
Expected Result: These icons should appear.
Any Workarounds: Remove the security header "X-Content-Type-Options: nosniff" for the IIS site configured for CF Admin.
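
The following is an added example, not part of the original report or of ColdFusion: a Python check that walks an image directory and flags files whose leading bytes disagree with their extension, the condition the report describes for idelete.gif. The function names and the sample files written by `demo()` are constructed for illustration; on a real install, point `find_mismatches` at the CFIDE images directory.

```python
import os
import tempfile

# Leading magic bytes for the image types relevant here.
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": b"\xff\xd8\xff",
}
EXTENSIONS = {".png": "png", ".gif": "gif", ".jpg": "jpeg", ".jpeg": "jpeg"}


def sniff_image_type(header: bytes):
    """Return 'png', 'gif', 'jpeg' or None based on a file's first bytes."""
    for kind, magic in SIGNATURES.items():
        if header.startswith(magic):  # startswith accepts bytes or a tuple
            return kind
    return None


def find_mismatches(root: str):
    """Yield (path, type implied by extension, type found in content)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            expected = EXTENSIONS.get(os.path.splitext(name)[1].lower())
            if expected is None:
                continue  # not an image extension we track
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                actual = sniff_image_type(fh.read(8))
            if actual != expected:
                yield path, expected, actual


def demo():
    """Constructed sample tree: one real GIF, one PNG renamed to .gif."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"ok.gif": b"GIF89a" + b"\x00" * 8,
                   "idelete.gif": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), e, a) for p, e, a in find_mismatches(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each flagged file can then be renamed to match its content (with references updated) or re-encoded, so the declared type and the bytes agree and the header can stay enabled.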