Commit 209b78f1 authored by Aaron Wells's avatar Aaron Wells Committed by Gerrit Code Review
Browse files

Merge "Use nosniff header to prevent potential XSS via untrusted files in IE"

parents af95a779 96b117e5
......@@ -89,6 +89,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
else {
header('Content-Disposition: inline; filename="' . $filename . '"');
}
header('X-Content-Type-Options: nosniff');
if ($options['lifetime'] > 0 && !get_config('nocache')) {
header('Cache-Control: max-age=' . $options['lifetime']);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment