From: Lukas Reschke <lukas@statuscode.ch>
Date: Sun, 1 Jul 2012 11:45:20 +0000 (+0200)
Subject: Disable mimesniffing
X-Git-Tag: v4.0.5~46
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=fa7d4c2b3966f92963bdfd7ef0cc58659f475f64;p=nextcloud-server.git

Disable mimesniffing
---

diff --git a/lib/json.php b/lib/json.php
index dfc0a7b894e..de655ebf33a 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -15,6 +15,8 @@ class OC_JSON{
 		if (!self::$send_content_type_header){
 			// We send json data
 			header( 'Content-Type: '.$type );
+			// Force download
+			header( 'Content-Disposition: attachment' );
 			self::$send_content_type_header = true;
 		}
 	}
@@ -85,11 +87,11 @@ class OC_JSON{
 	* Encode and print $data in json format
 	*/
 	public static function encodedPrint($data,$setContentType=true){
-		if(!isset($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '') {
+			// Disable mimesniffing, don't move this to setContentTypeHeader!
+			header( 'X-Content-Type-Options: nosniff' );
 			if($setContentType){
 				self::setContentTypeHeader();
 			}
 			echo json_encode($data);
-		}
 	}
 }