Bug 671612: Send "X-Content-Type-Options: nosniff" with every response

r/a=LpSolit
author: Matt Selsky <selsky@columbia.edu> 2012-09-09 20:06:39 +0200
committer: Reed Loden <reed@reedloden.com> 2012-09-09 20:06:39 +0200
commit: 36d868c007f778e72ae31c521595515f428edae0 (patch)
tree: 2850427452ad2fb74a84d822fbdd9501aae6a375 /Bugzilla/CGI.pm
parent: 721c112eb5133487ec9112c3e94dc5d00061699c (diff)
download: bugzilla-36d868c007f778e72ae31c521595515f428edae0.tar.gz
bugzilla-36d868c007f778e72ae31c521595515f428edae0.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 7135f7c48..a16ae6686 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -316,6 +316,10 @@ sub header {
         unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
     }
 
+    # Add X-Content-Type-Options header to prevent browsers sniffing
+    # the MIME type away from the declared Content-Type.
+    unshift(@_, '-x_content_type_options' => 'nosniff');
+
     return $self->SUPER::header(@_) || "";
 }
author	Matt Selsky <selsky@columbia.edu>	2012-09-09 20:06:39 +0200
committer	Reed Loden <reed@reedloden.com>	2012-09-09 20:06:39 +0200
commit	36d868c007f778e72ae31c521595515f428edae0 (patch)
tree	2850427452ad2fb74a84d822fbdd9501aae6a375 /Bugzilla/CGI.pm
parent	721c112eb5133487ec9112c3e94dc5d00061699c (diff)
download	bugzilla-36d868c007f778e72ae31c521595515f428edae0.tar.gz bugzilla-36d868c007f778e72ae31c521595515f428edae0.tar.xz