From: Reed Loden <reed@reedloden.com>
Date: Tue, 3 Aug 2010 17:52:23 +0000 (-0500)
Subject: Bug 453425 - Send "X-Content-Type-Options: nosniff" header when displaying attachment... 
X-Git-Tag: bugzilla-3.7.3~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b777358d912b37994d633e440f9bfadf6919ac86;p=thirdparty%2Fbugzilla.git

Bug 453425 - Send "X-Content-Type-Options: nosniff" header when displaying attachments so IE8 doesn't try to sniff the content type.
[r=LpSolit a=LpSolit]
---

diff --git a/attachment.cgi b/attachment.cgi
index cdfcc6bf74..789b55fb46 100755
--- a/attachment.cgi
+++ b/attachment.cgi
@@ -338,7 +338,8 @@ sub view {
     }
     print $cgi->header(-type=>"$contenttype; name=\"$filename\"",
                        -content_disposition=> "$disposition; filename=\"$filename\"",
-                       -content_length => $attachment->datasize);
+                       -content_length => $attachment->datasize,
+                       -x_content_type_options => "nosniff");
     disable_utf8();
     print $attachment->data;
 }