Set X-Content-Type-Options: nosniff

This prevents browsers from guessing the Content-Type, and since we're always making sure to serve with the known-correct content type, we don't need the browser to guess. Change-Id: I02550d6763969f999ec22ec41e5539f945ea7ca4
author: Vika <vika@fireburn.ru> 2025-01-02 06:37:04 +0300
committer: Vika <vika@fireburn.ru> 2025-01-02 06:37:04 +0300
commit: 78f8de236b7ab9755f0212a740d341a2518968da (patch)
tree: 7cadf22493c9f25e4b9043321de765547375f49f /templates
parent: d10710326da703f69eaa06723dc66e330fd32745 (diff)
download: kittybox-78f8de236b7ab9755f0212a740d341a2518968da.tar.zst
1 files changed, 12 insertions, 6 deletions
diff --git a/templates/src/lib.rs b/templates/src/lib.rs
index 96bf592..d9fe86b 100644
--- a/templates/src/lib.rs
+++ b/templates/src/lib.rs
@@ -15,7 +15,7 @@ pub mod assets {
     use axum::response::{IntoResponse, Response};
     use axum::extract::Path;
     use axum::http::StatusCode;
-    use axum::http::header::{CONTENT_TYPE, CONTENT_ENCODING, CACHE_CONTROL};
+    use axum::http::header::{CONTENT_TYPE, CONTENT_ENCODING, CACHE_CONTROL, X_CONTENT_TYPE_OPTIONS};
 
     const ASSETS: include_dir::Dir<'static> = include_dir::include_dir!("$OUT_DIR/");
     const CACHE_FOR_A_DAY: &str = "max-age=86400";
@@ -36,14 +36,20 @@ pub mod assets {
 
         match ASSETS.get_file(path.clone() + ".gz") {
             Some(file) => (StatusCode::OK,
-                           [(CONTENT_TYPE, content_type),
-                            (CONTENT_ENCODING, GZIP),
-                            (CACHE_CONTROL, CACHE_FOR_A_DAY)],
+                           [
+                               (CONTENT_TYPE, content_type),
+                               (CONTENT_ENCODING, GZIP),
+                               (CACHE_CONTROL, CACHE_FOR_A_DAY),
+                               (X_CONTENT_TYPE_OPTIONS, "nosniff")
+                           ],
                            file.contents()).into_response(),
             None => match ASSETS.get_file(path) {
                 Some(file) => (StatusCode::OK,
-                               [(CONTENT_TYPE, content_type),
-                                (CACHE_CONTROL, CACHE_FOR_A_DAY)],
+                               [
+                                   (CONTENT_TYPE, content_type),
+                                   (CACHE_CONTROL, CACHE_FOR_A_DAY),
+                                   (X_CONTENT_TYPE_OPTIONS, "nosniff")
+                               ],
                                file.contents()).into_response(),
                 None => StatusCode::NOT_FOUND.into_response()
             }
author	Vika <vika@fireburn.ru>	2025-01-02 06:37:04 +0300
committer	Vika <vika@fireburn.ru>	2025-01-02 06:37:04 +0300
commit	78f8de236b7ab9755f0212a740d341a2518968da (patch)
tree	7cadf22493c9f25e4b9043321de765547375f49f /templates
parent	d10710326da703f69eaa06723dc66e330fd32745 (diff)
download	kittybox-78f8de236b7ab9755f0212a740d341a2518968da.tar.zst