Bug 453425 - Send "X-Content-Type-Options: nosniff" header when displaying attachment...

author Reed Loden <reed@reedloden.com>

Tue, 3 Aug 2010 17:52:23 +0000 (12:52 -0500)

committer Reed Loden <reed@reedloden.com>

Tue, 3 Aug 2010 17:52:23 +0000 (12:52 -0500)
author Reed Loden <reed@reedloden.com>
Tue, 3 Aug 2010 17:52:23 +0000 (12:52 -0500)
committer Reed Loden <reed@reedloden.com>
Tue, 3 Aug 2010 17:52:23 +0000 (12:52 -0500)
diff --git a/attachment.cgi b/attachment.cgi

index cdfcc6bf7418d540ec9c15fc5e65f1c572e749b5..789b55fb46e23f5570beb6708d30a8136f088f4d 100755 (executable)
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -338,7 +338,8 @@ sub view {
      }
      print $cgi->header(-type=>"$contenttype; name=\"$filename\"",
                         -content_disposition=> "$disposition; filename=\"$filename\"",
-                       -content_length => $attachment->datasize);
+                       -content_length => $attachment->datasize,
+                       -x_content_type_options => "nosniff");
      disable_utf8();
      print $attachment->data;
  }
author	Reed Loden <reed@reedloden.com>
	Tue, 3 Aug 2010 17:52:23 +0000 (12:52 -0500)
committer	Reed Loden <reed@reedloden.com>
	Tue, 3 Aug 2010 17:52:23 +0000 (12:52 -0500)