Commit 9245e5ca authored by Matt Selsky's avatar Matt Selsky Committed by Frédéric Buclin

Bug 671612: Send "X-Content-Type-Options: nosniff" with every response

r/a=LpSolit
parent 19b51489
...@@ -27,7 +27,6 @@ sub process_diff { ...@@ -27,7 +27,6 @@ sub process_diff {
$last_reader->sends_data_to(new PatchReader::DiffPrinter::raw()); $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
# Actually print out the patch. # Actually print out the patch.
print $cgi->header(-type => 'text/plain', print $cgi->header(-type => 'text/plain',
-x_content_type_options => "nosniff",
-expires => '+3M'); -expires => '+3M');
disable_utf8(); disable_utf8();
$reader->iterate_string('Attachment ' . $attachment->id, $attachment->data); $reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
...@@ -109,7 +108,6 @@ sub process_interdiff { ...@@ -109,7 +108,6 @@ sub process_interdiff {
$last_reader->sends_data_to(new PatchReader::DiffPrinter::raw()); $last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
# Actually print out the patch. # Actually print out the patch.
print $cgi->header(-type => 'text/plain', print $cgi->header(-type => 'text/plain',
-x_content_type_options => "nosniff",
-expires => '+3M'); -expires => '+3M');
disable_utf8(); disable_utf8();
} }
......
...@@ -317,6 +317,10 @@ sub header { ...@@ -317,6 +317,10 @@ sub header {
# and enforce the blocking (rather than the rewriting) mode. # and enforce the blocking (rather than the rewriting) mode.
unshift(@_, '-x_xss_protection' => '1; mode=block'); unshift(@_, '-x_xss_protection' => '1; mode=block');
# Add X-Content-Type-Options header to prevent browsers sniffing
# the MIME type away from the declared Content-Type.
unshift(@_, '-x_content_type_options' => 'nosniff');
return $self->SUPER::header(@_) || ""; return $self->SUPER::header(@_) || "";
} }
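Review bot: The comment above the new `unshift` should mention the side effect of `nosniff`: browsers honouring it also refuse to execute scripts or apply stylesheets whose declared `Content-Type` does not match, so every response sent through this method must now declare its real type rather than relying on the browser to guess. Suggested wording: `# Add X-Content-Type-Options: nosniff so browsers trust the declared Content-Type instead of sniffing; this also makes browsers refuse scripts/stylesheets served with a mismatched type, so callers must set -type correctly.` Because the value is unshifted ahead of the caller's arguments, a caller that passes its own `-x_content_type_options` appears later in `@_` and, under CGI.pm's named-argument handling, the later value should win, so a deliberate override stays possible; this matches the existing `-x_xss_protection` line and is worth stating next to it. `header` begins before this hunk, so whether a single positional Content-Type argument is normalised into `-type` before these unshifts is not visible here.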
......
...@@ -385,8 +385,7 @@ sub view { ...@@ -385,8 +385,7 @@ sub view {
} }
print $cgi->header(-type=>"$contenttype; name=\"$filename\"", print $cgi->header(-type=>"$contenttype; name=\"$filename\"",
-content_disposition=> "$disposition; filename=\"$filename\"", -content_disposition=> "$disposition; filename=\"$filename\"",
-content_length => $attachment->datasize, -content_length => $attachment->datasize);
-x_content_type_options => "nosniff");
disable_utf8(); disable_utf8();
print $attachment->data; print $attachment->data;
} }
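Review bot: `$filename` is interpolated unescaped into two header values on the `-type` and `-content_disposition` lines, and it is not visible in this hunk whether `view` (which begins before it) strips quotes, backslashes and CR/LF from the name first; with the per-call `nosniff` now supplied centrally, the declared `Content-Type` is the only thing a browser will honour for attachment data, so a malformed `name=` or `filename=` parameter can break header parsing. If the escaping is not already done upstream, add `$filename =~ s/([\\"])/\\$1/g; $filename =~ s/[\r\n]//g;` before the `print` together with the comment `# $filename is placed in two header values: it must be free of quotes, backslashes and CR/LF`. If it is done upstream, a one-line comment here pointing to that sanitisation would save the next reader the search.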
......