From 4b55507617d308ffda2803c2815d49028fc22b1c Mon Sep 17 00:00:00 2001
From: Reed Loden <reed@reedloden.com>
Date: Tue, 3 Aug 2010 12:51:23 -0500
Subject: Bug 453425 - Send "X-Content-Type-Options: nosniff" header when
 displaying attachments so IE8 doesn't try to sniff the content type.
 [r=LpSolit a=LpSolit]

---
 attachment.cgi | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'attachment.cgi')

diff --git a/attachment.cgi b/attachment.cgi
index 5bb2a8537..8e69d388f 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -338,7 +338,8 @@ sub view {
     }
     print $cgi->header(-type=>"$contenttype; name=\"$filename\"",
                        -content_disposition=> "$disposition; filename=\"$filename\"",
-                       -content_length => $attachment->datasize);
+                       -content_length => $attachment->datasize,
+                       -x_content_type_options => "nosniff");
     disable_utf8();
     print $attachment->data;
 }
-- 
cgit v1.2.3-24-g4f1b