From 9245e5ca7bab659a00bf301f3db22b8d9608f92b Mon Sep 17 00:00:00 2001
From: Matt Selsky
Date: Tue, 29 May 2012 17:01:42 +0200
Subject: Bug 671612: Send "X-Content-Type-Options: nosniff" with every response r/a=LpSolit

---
 Bugzilla/CGI.pm | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'Bugzilla/CGI.pm')

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 98fa3d79b..fc29008c3 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -317,6 +317,10 @@ sub header {
     # and enforce the blocking (rather than the rewriting) mode.
     unshift(@_, '-x_xss_protection' => '1; mode=block');
 
+    # Add X-Content-Type-Options header to prevent browsers sniffing
+    # the MIME type away from the declared Content-Type.
+    unshift(@_, '-x_content_type_options' => 'nosniff');
+
     return $self->SUPER::header(@_) || "";
 }
-- 
cgit v1.2.3-24-g4f1b
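Review bot: The new `unshift` at the tail of `header` makes `nosniff` a default rather than a guarantee: because it is prepended to `@_`, a caller that passes its own `-x_content_type_options` presumably wins under CGI.pm's later-value-overrides handling of unrecognised header parameters, so the "every response" claim in the title holds only while no caller does that, and it never reaches static files (skins, js) that the web server delivers without going through this method. The operational risk worth recording in the new comment is that once `nosniff` is set, browsers refuse to execute a script or apply a stylesheet whose declared Content-Type does not match, so any Bugzilla code path that emits JS or CSS through `header()` with a loose `-type` will now fail silently for users. I would extend the added comment with `# NOTE: with nosniff, browsers reject script/stylesheet responses whose declared Content-Type is wrong, so callers serving JS/CSS must pass the exact -type.` and, if not already done, add a matching `Header set X-Content-Type-Options nosniff` to the generated .htaccess so static assets get the same protection. `sub header` begins above this hunk.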