authorMatt Selsky <selsky@columbia.edu>2012-09-09 20:06:39 +0200
committerReed Loden <reed@reedloden.com>2012-09-09 20:06:39 +0200
commit36d868c007f778e72ae31c521595515f428edae0 (patch)
tree2850427452ad2fb74a84d822fbdd9501aae6a375 /Bugzilla
parent721c112eb5133487ec9112c3e94dc5d00061699c (diff)
Bug 671612: Send "X-Content-Type-Options: nosniff" with every response
r/a=LpSolit
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Attachment/PatchReader.pm2
-rw-r--r--Bugzilla/CGI.pm4
2 files changed, 4 insertions, 2 deletions
diff --git a/Bugzilla/Attachment/PatchReader.pm b/Bugzilla/Attachment/PatchReader.pm
index 01a624a8f..cfc7610f4 100644
--- a/Bugzilla/Attachment/PatchReader.pm
+++ b/Bugzilla/Attachment/PatchReader.pm
@@ -37,7 +37,6 @@ sub process_diff {
$last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
# Actually print out the patch.
print $cgi->header(-type => 'text/plain',
- -x_content_type_options => "nosniff",
-expires => '+3M');
disable_utf8();
$reader->iterate_string('Attachment ' . $attachment->id, $attachment->data);
@@ -119,7 +118,6 @@ sub process_interdiff {
$last_reader->sends_data_to(new PatchReader::DiffPrinter::raw());
# Actually print out the patch.
print $cgi->header(-type => 'text/plain',
- -x_content_type_options => "nosniff",
-expires => '+3M');
disable_utf8();
}
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 7135f7c48..a16ae6686 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -316,6 +316,10 @@ sub header {
unshift(@_, '-x_frame_options' => 'SAMEORIGIN');
}
+ # Add X-Content-Type-Options header to prevent browsers sniffing
+ # the MIME type away from the declared Content-Type.
+ unshift(@_, '-x_content_type_options' => 'nosniff');
+
return $self->SUPER::header(@_) || "";
}
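Review bot: The unconditional `unshift` at the new line 319 does not replace a caller-supplied `-x_content_type_options`; CGI.pm passes unrecognised named options through as extra headers, so a caller that still passes the option explicitly (as PatchReader.pm did before this commit) would presumably get two X-Content-Type-Options headers in the response rather than one. Since this method is now the single source of that header, either state that in the comment, e.g. `# Callers must not pass -x_content_type_options themselves; it is always set here.`, or skip the unshift when the caller already provided it, e.g. `unshift(@_, '-x_content_type_options' => 'nosniff') unless grep { /\A-?x_content_type_options\z/i } @_;`. Note also that the X-Frame-Options line just above is inside a conditional whose test lies outside the hunk, while the nosniff header is added on every path, which matches the commit title but is worth saying in the comment. The body of `header` starts outside the hunk.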