mirror of
https://github.com/filebrowser/filebrowser.git
synced 2026-07-17 16:36:49 +00:00
fix: set X-Content-Type-Options: nosniff on raw file responses
Prevents browsers from MIME-sniffing uploaded files into a renderable type.
This commit is contained in:
parent
19514367ad
commit
35db07d015
1 changed files with 1 additions and 0 deletions
|
|
@ -225,6 +225,7 @@ func rawFileHandler(w http.ResponseWriter, r *http.Request, file *files.FileInfo
|
|||
|
||||
setContentDisposition(w, r, file)
|
||||
w.Header().Add("Content-Security-Policy", `script-src 'none';`)
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
w.Header().Set("Cache-Control", "private")
|
||||
http.ServeContent(w, r, file.Name, file.ModTime, fd)
|
||||
return 0, nil
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue