author | Matt Selsky <selsky@columbia.edu> | 2012-09-09 20:06:39 +0200 |
---|---|---|
committer | Reed Loden <reed@reedloden.com> | 2012-09-09 20:06:39 +0200 |
commit | 36d868c007f778e72ae31c521595515f428edae0 (patch) | |
tree | 2850427452ad2fb74a84d822fbdd9501aae6a375 /Bugzilla/CGI.pm | |
parent | 721c112eb5133487ec9112c3e94dc5d00061699c (diff) | |
Bug 671612: Send "X-Content-Type-Options: nosniff" with every response
r/a=LpSolit
Diffstat (limited to 'Bugzilla/CGI.pm')
-rw-r--r-- | Bugzilla/CGI.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index 7135f7c48..a16ae6686 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -316,6 +316,10 @@ sub header { unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); } + # Add X-Content-Type-Options header to prevent browsers sniffing + # the MIME type away from the declared Content-Type. + unshift(@_, '-x_content_type_options' => 'nosniff'); + return $self->SUPER::header(@_) || ""; } |
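Review bot: The new unshift at the end of sub header is unconditional, while the '-x_frame_options' line just above it sits inside a block (closed by the '}' in the context), so callers get no way to opt out of nosniff. Every response that passes through header() will now be handled strictly by its declared Content-Type in browsers that honour the header, so it is worth confirming that callers sending a generic or inaccurate type still behave as intended, and worth extending the comment to say the header is deliberately sent on every response. Separately, because the pair is pushed onto the front of @_, a caller that passes its own '-x_content_type_options' ends up with the key twice before SUPER::header(@_) is called; the comment should state which value is expected to win, or the code should skip the unshift when the caller already supplied one.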