Add a comment regarding the change

ballerina-platform · Oct 30, 2023 · 36ca003 · 36ca003
1 parent 89f9e72
commit 36ca003
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/stdlib/http/src/main/java/org/ballerinalang/net/http/HttpUtil.java b/stdlib/http/src/main/java/org/ballerinalang/net/http/HttpUtil.java
@@ -443,6 +443,9 @@ public static HttpCarbonMessage createErrorMessage(String payload, int statusCod
         if (payload != null) {
             payload = lowerCaseTheFirstLetter(payload);
             response.addHttpContent(new DefaultLastHttpContent(Unpooled.wrappedBuffer(payload.getBytes())));
+            // This header is added to block content sniffing in the old browsers where
+            // the response payload may contain executable scripts
+            // Related issue: ballerina-platform/ballerina-standard-library/issues/5088
             response.setHeader(X_CONTENT_TYPE_OPTIONS, NO_SNIFF);
         } else {
             response.addHttpContent(new DefaultLastHttpContent());