author | Gusted <williamzijl7@hotmail.com> | 2022-01-22 18:32:35 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-22 13:32:35 -0500 |
commit | 27ee01e1e866f2f13603af65224ddae77d5149d7 (patch) | |
tree | 18b2dc30197af73a35ca903042f672620dbfa38b /modules | |
parent | 6ad7a5376adf3f04b6eed6de9feef09752298cd0 (diff) | |
download | gitea-27ee01e1e866f2f13603af65224ddae77d5149d7.tar.gz gitea-27ee01e1e866f2f13603af65224ddae77d5149d7.zip |
Disable content sniffing on `PlainTextBytes` (#18359)
- Disable the browser's function to "sniff" for the content-type on the
provided plain text, this will prevent the possible usage of
user-controlled data being sent, which could be malicious.
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'modules')
-rw-r--r-- | modules/context/context.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/context/context.go b/modules/context/context.go index 998eafe965..0cbdfa023c 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -292,6 +292,7 @@ func (ctx *Context) PlainTextBytes(status int, bs []byte) { } ctx.Resp.WriteHeader(status) ctx.Resp.Header().Set("Content-Type", "text/plain;charset=utf-8") + ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff") if _, err := ctx.Resp.Write(bs); err != nil { log.Error("Write bytes failed: %v", err) } |
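Review bot: In `PlainTextBytes`, the added `X-Content-Type-Options` header is set after `ctx.Resp.WriteHeader(status)`, as is the existing `Content-Type` line just above it. With a standard `net/http` `ResponseWriter`, changes to the header map made after `WriteHeader` are not sent to the client, so unless `ctx.Resp` defers the actual write, `nosniff` would never reach the browser and the change would have no effect. Suggest moving both `ctx.Resp.Header().Set(...)` calls above `ctx.Resp.WriteHeader(status)`, and adding a test that asserts on the response headers of a `PlainTextBytes` call so the ordering cannot regress.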