Commit 96b117e5 authored by Yuliya Bozhko's avatar Yuliya Bozhko Committed by Aaron Wells
Browse files

Use nosniff header to prevent potential XSS via untrusted files in IE

Bug 1470281


Solution is to add it to file serving code in places where we do forced
download of files.

Change-Id: Ic46d02f65d9ed1cb57fb50e8fab2cbc9f62428a1
Signed-off-by: default avatarYuliya Bozhko <>
Signed-off-by: Aaron Wells's avatarAaron Wells <>
parent e62fc897
......@@ -89,6 +89,7 @@ function serve_file($path, $filename, $mimetype, $options=array()) {
else {
header('Content-Disposition: inline; filename="' . $filename . '"');
header('X-Content-Type-Options: nosniff');
if ($options['lifetime'] > 0 && !get_config('nocache')) {
header('Cache-Control: max-age=' . $options['lifetime']);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment