Commit 60fc38f8 authored by Aaron Wells's avatar Aaron Wells Committed by Gerrit Code Review

Merge "Use nosniff header to prevent potential XSS via untrusted files in IE" into 1.9_STABLE

parents 120c9379 7b9b434b
......@@ -89,6 +89,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
else {
header('Content-Disposition: inline; filename="' . $filename . '"');
}
header('X-Content-Type-Options: nosniff');
if ($options['lifetime'] > 0 && !get_config('nocache')) {
header('Cache-Control: max-age=' . $options['lifetime']);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment