From 4d0dcd3c53a4c8c9944bc23d41de71593c3bd5d6 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 11 Jan 2016 21:20:42 +0100
Subject: Add X-Download-Options and X-Permitted-Cross-Domain-Policies

Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
---
 core/js/setupchecks.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'core/js/setupchecks.js')

diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index b1b8dd358d2..f6485c4218c 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -202,7 +202,9 @@
 					'X-XSS-Protection': '1; mode=block',
 					'X-Content-Type-Options': 'nosniff',
 					'X-Robots-Tag': 'none',
-					'X-Frame-Options': 'SAMEORIGIN'
+					'X-Frame-Options': 'SAMEORIGIN',
+					'X-Download-Options': 'noopen',
+					'X-Permitted-Cross-Domain-Policies': 'none',
 				};
 
 				for (var header in securityHeaders) {
-- 
cgit v1.2.3