projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 13abdc4)
Prevent MIME sniffing for attachments
authorTim Düsterhus <duesterhus@woltlab.com>
Tue, 20 Sep 2022 07:19:46 +0000 (09:19 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Tue, 20 Sep 2022 07:21:09 +0000 (09:21 +0200)
wcfsetup/install/files/lib/page/AttachmentPage.class.php patch | blob | blame | history

diff --git a/wcfsetup/install/files/lib/page/AttachmentPage.class.php b/wcfsetup/install/files/lib/page/AttachmentPage.class.php
index a4c7614aa3039868d67ec95dd9e23bb582552272..43d62689c572afb92cca53fbf4bf085478656007 100644 (file)
--- a/wcfsetup/install/files/lib/page/AttachmentPage.class.php
+++ b/wcfsetup/install/files/lib/page/AttachmentPage.class.php
@@ -176,6 +176,7 @@ class AttachmentPage extends AbstractPage
         // MIME-Types. One possibility might be a package extending $inlineMimeTypes
         // in an unsafe fashion.
         $this->fileReader->addHeader('content-security-policy', "default-src 'none';");
+        $this->fileReader->addHeader('x-content-type-options', 'nosniff');
 
         if ($this->eTag !== null) {
             $this->fileReader->addHeader('ETag', '"' . $this->eTag . '"');
WoltLab Suite Core (previously WoltLab Community Framework)