mirror of
https://github.com/willnorris/imageproxy.git
synced 2024-12-16 21:56:43 -05:00
Disable browser MIME confusion attacks via content-type sniffing
This commit is contained in:
parent
c6206ea30c
commit
c08b3c505a
1 changed files with 3 additions and 0 deletions
|
@ -255,6 +255,9 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
|
||||||
// Add a Content-Security-Policy to prevent stored-XSS attacks via SVG files
|
// Add a Content-Security-Policy to prevent stored-XSS attacks via SVG files
|
||||||
w.Header().Set("Content-Security-Policy", "script-src 'none'")
|
w.Header().Set("Content-Security-Policy", "script-src 'none'")
|
||||||
|
|
||||||
|
// Disable Content-Type sniffing
|
||||||
|
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||||
|
|
||||||
w.WriteHeader(resp.StatusCode)
|
w.WriteHeader(resp.StatusCode)
|
||||||
if _, err := io.Copy(w, resp.Body); err != nil {
|
if _, err := io.Copy(w, resp.Body); err != nil {
|
||||||
p.logf("error copying response: %v", err)
|
p.logf("error copying response: %v", err)
|
||||||
|
|
Loading…
Reference in a new issue