Commit 60fc38f8 authored by Aaron Wells's avatar Aaron Wells Committed by Gerrit Code Review
Browse files

Merge "Use nosniff header to prevent potential XSS via untrusted files in IE" into 1.9_STABLE

parents 120c9379 7b9b434b
......@@ -89,6 +89,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
else {
header('Content-Disposition: inline; filename="' . $filename . '"');
}
header('X-Content-Type-Options: nosniff');
if ($options['lifetime'] > 0 && !get_config('nocache')) {
header('Cache-Control: max-age=' . $options['lifetime']);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment