Merge from bugzilla/4.2

author: Reed Loden <reed@reedloden.com> 2012-09-09 20:18:13 +0200
committer: Reed Loden <reed@reedloden.com> 2012-09-09 20:18:13 +0200
commit: 5b60e53069cec09fabcdebb9a0f02b1f360b7093 (patch)
tree: d75cdaa860626fa35159ac5d84342861cbcabe1a /Bugzilla/CGI.pm
parent: eff81ebcc4cca75b7b4feba1fe529d8272855c45 (diff)
parent: 36d868c007f778e72ae31c521595515f428edae0 (diff)
download: bugzilla-5b60e53069cec09fabcdebb9a0f02b1f360b7093.tar.gz
bugzilla-5b60e53069cec09fabcdebb9a0f02b1f360b7093.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 7f98c1653..2feb0b098 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -331,6 +331,10 @@ sub header {
     # and enforce the blocking (rather than the rewriting) mode.
     unshift(@_, '-x_xss_protection' => '1; mode=block');
 
+    # Add X-Content-Type-Options header to prevent browsers sniffing
+    # the MIME type away from the declared Content-Type.
+    unshift(@_, '-x_content_type_options' => 'nosniff');
+
     return $self->SUPER::header(@_) || "";
 }
author	Reed Loden <reed@reedloden.com>	2012-09-09 20:18:13 +0200
committer	Reed Loden <reed@reedloden.com>	2012-09-09 20:18:13 +0200
commit	5b60e53069cec09fabcdebb9a0f02b1f360b7093 (patch)
tree	d75cdaa860626fa35159ac5d84342861cbcabe1a /Bugzilla/CGI.pm
parent	eff81ebcc4cca75b7b4feba1fe529d8272855c45 (diff)
parent	36d868c007f778e72ae31c521595515f428edae0 (diff)
download	bugzilla-5b60e53069cec09fabcdebb9a0f02b1f360b7093.tar.gz bugzilla-5b60e53069cec09fabcdebb9a0f02b1f360b7093.tar.xz