diff options
| author | ᴜɴᴋɴᴡᴏɴ <u@gogs.io> | 2020-03-23 22:18:05 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-03-23 22:18:05 +0800 |
| commit | e14b6abf9dae13bc087c9d9db8fe7c7a5125c792 (patch) | |
| tree | 0faf250433a7efe177ecccc7b86784d841898eff /internal/context | |
| parent | 740f814ce0b07237e4886a8723e3f2b129d3ea42 (diff) | |
http: always set header `X-Content-Type-Options` to `nosniff` (#6008)
Diffstat (limited to 'internal/context')
| -rw-r--r-- | internal/context/context.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/internal/context/context.go b/internal/context/context.go index 142fd241..a34398a2 100644 --- a/internal/context/context.go +++ b/internal/context/context.go @@ -335,6 +335,10 @@ func Contexter() macaron.Handler { c.renderNoticeBanner() + // 🚨 SECURITY: Prevent MIME type sniffing in some browsers, + // see https://github.com/gogs/gogs/issues/5397 for details. + c.Header().Set("X-Content-Type-Options", "nosniff") + ctx.Map(c) } } |