Set X-Content-Type-Options: nosniff

This prevents browsers from guessing the Content-Type, and since we're always making sure to serve with the known-correct content type, we don't need the browser to guess. Change-Id: I02550d6763969f999ec22ec41e5539f945ea7ca4
author: Vika <vika@fireburn.ru> 2025-01-02 06:37:04 +0300
committer: Vika <vika@fireburn.ru> 2025-01-02 06:37:04 +0300
commit: 78f8de236b7ab9755f0212a740d341a2518968da (patch)
tree: 7cadf22493c9f25e4b9043321de765547375f49f /src/media/mod.rs
parent: d10710326da703f69eaa06723dc66e330fd32745 (diff)
download: kittybox-78f8de236b7ab9755f0212a740d341a2518968da.tar.zst
1 files changed, 4 insertions, 0 deletions
diff --git a/src/media/mod.rs b/src/media/mod.rs
index 199f05f..6f263b6 100644
--- a/src/media/mod.rs
+++ b/src/media/mod.rs
@@ -103,6 +103,10 @@ pub(crate) async fn serve<S: MediaStore>(
                             .unwrap_or("application/octet-stream")
                     ).unwrap()
                 );
+                headers.insert(
+                    axum::http::header::X_CONTENT_TYPE_OPTIONS,
+                    axum::http::HeaderValue::from_static("nosniff")
+                );
                 if let Some(length) = metadata.length {
                     headers.typed_insert(ContentLength(length.get().try_into().unwrap()));
                 }
author	Vika <vika@fireburn.ru>	2025-01-02 06:37:04 +0300
committer	Vika <vika@fireburn.ru>	2025-01-02 06:37:04 +0300
commit	78f8de236b7ab9755f0212a740d341a2518968da (patch)
tree	7cadf22493c9f25e4b9043321de765547375f49f /src/media/mod.rs
parent	d10710326da703f69eaa06723dc66e330fd32745 (diff)
download	kittybox-78f8de236b7ab9755f0212a740d341a2518968da.tar.zst