Undocumented content-type

firetail:undefined-content-type

Type:

Observation

Rule Severity:

Medium

The response has a Content-Type that is not documented in the schema.

Handling unknown Content-Type values can introduce security risks. For instance, a malicious payload might be treated as a harmless data type by the consumer, leading to vulnerabilities such as cross-site scripting (XSS) or other security threats.

Remediation

Properly document all content types that an endpoint can deliver in a response.
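The check this rule performs can be reproduced offline against an OpenAPI 3 document. The script below is an added example, not FireTail's own rule implementation: it resolves the documented media types for an operation's response (exact status code, then the NXX range form, then "default"), strips parameters such as charset from the observed header, honours wildcard media types like text/*, and flags any observed Content-Type the schema does not cover. The spec fragment, the helper names and the sample observations are all constructed for illustration.

```python
"""Check observed HTTP response Content-Type values against the content
types documented for each operation in an OpenAPI 3 specification.

Added example, not FireTail's own rule implementation. The spec, helper
names and sample observations below are constructed for illustration.
"""
from __future__ import annotations

from fnmatch import fnmatchcase

# Constructed OpenAPI 3 fragment: GET /users/{id} documents JSON for 200,
# a wildcard text/* for 404, and a "default" response carrying problem+json.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/users/{id}": {
            "get": {
                "responses": {
                    "200": {"content": {"application/json": {}}},
                    "404": {"content": {"text/*": {}}},
                    "default": {"content": {"application/problem+json": {}}},
                }
            }
        }
    },
}


def normalize_media_type(value: str) -> str:
    """Drop parameters such as '; charset=utf-8' and lower-case the media type."""
    return value.split(";", 1)[0].strip().lower()


def documented_media_types(spec: dict, path: str, method: str, status: int) -> list[str]:
    """Return the media types documented for an operation's response.

    Resolution order follows OpenAPI: the exact status code, then the 'NXX'
    range form (e.g. '4XX'), then 'default'. Unknown paths/operations yield [].
    """
    operation = spec.get("paths", {}).get(path, {}).get(method.lower(), {})
    responses = operation.get("responses", {})
    for key in (str(status), f"{status // 100}XX", "default"):
        if key in responses:
            return [normalize_media_type(m) for m in responses[key].get("content", {})]
    return []


def is_undocumented_content_type(spec: dict, path: str, method: str,
                                 status: int, content_type: str | None) -> bool:
    """True when the observed Content-Type is not covered by the schema.

    Wildcard media types in the spec ('text/*', '*/*') match via fnmatch.
    A response with no Content-Type header is not judged by this rule.
    """
    if content_type is None:
        return False
    observed = normalize_media_type(content_type)
    documented = documented_media_types(spec, path, method, status)
    return not any(fnmatchcase(observed, pattern) for pattern in documented)


def audit(spec: dict, observations: list[dict]) -> list[dict]:
    """Run the check over captured responses and return the findings."""
    findings = []
    for obs in observations:
        if is_undocumented_content_type(spec, obs["path"], obs["method"],
                                        obs["status"], obs.get("content_type")):
            findings.append({**obs, "rule": "firetail:undefined-content-type"})
    return findings


# Constructed sample observations (not real traffic).
SAMPLE_OBSERVATIONS = [
    {"path": "/users/{id}", "method": "GET", "status": 200,
     "content_type": "application/json; charset=utf-8"},   # documented: ok
    {"path": "/users/{id}", "method": "GET", "status": 200,
     "content_type": "text/html"},                         # flagged
    {"path": "/users/{id}", "method": "GET", "status": 404,
     "content_type": "text/plain"},                        # matches text/*: ok
    {"path": "/users/{id}", "method": "GET", "status": 500,
     "content_type": "application/problem+json"},          # via default: ok
    {"path": "/users/{id}", "method": "GET", "status": 500,
     "content_type": "application/xml"},                   # flagged
]

if __name__ == "__main__":
    for f in audit(SAMPLE_SPEC, SAMPLE_OBSERVATIONS):
        print(f"{f['rule']}: {f['method']} {f['path']} {f['status']} -> {f['content_type']}")
```

Running the script reports the two undocumented responses (text/html on 200 and application/xml on 500). Feeding it real captured responses alongside the service's specification gives a quick way to confirm the finding before editing the schema.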

Example Attack Scenario


How to Identify with Example Scenario

Find the text in bold to identify issues such as these in API specifications.

How to Resolve with Example Scenario

Modify the text in bold to resolve issues such as these in API specifications.