about summary refs log tree commit diff
path: root/src/frontend
diff options
context:
space:
mode:
Diffstat (limited to 'src/frontend')
-rw-r--r--src/frontend/mod.rs8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/frontend/mod.rs b/src/frontend/mod.rs
index 8338ac6..9ba1a69 100644
--- a/src/frontend/mod.rs
+++ b/src/frontend/mod.rs
@@ -250,6 +250,10 @@ pub async fn homepage<D: Storage>(
         axum::http::header::CONTENT_TYPE,
         axum::http::HeaderValue::from_static(r#"text/html; charset="utf-8""#),
     );
+    headers.insert(
+        axum::http::header::X_CONTENT_TYPE_OPTIONS,
+        axum::http::HeaderValue::from_static("nosniff")
+    );
 
     let user = session.as_deref().map(|s| &s.me);
     match tokio::try_join!(
@@ -365,6 +369,10 @@ pub async fn catchall<D: Storage>(
                 axum::http::header::CONTENT_TYPE,
                 axum::http::HeaderValue::from_static(r#"text/html; charset="utf-8""#),
             );
+            headers.insert(
+                axum::http::header::X_CONTENT_TYPE_OPTIONS,
+                axum::http::HeaderValue::from_static("nosniff")
+            );
             if user.is_some() {
                 headers.insert(
                     axum::http::header::CACHE_CONTROL,
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-16 14:04:30 +0000