From 78f8de236b7ab9755f0212a740d341a2518968da Mon Sep 17 00:00:00 2001
From: Vika
Date: Thu, 2 Jan 2025 06:37:04 +0300
Subject: Set X-Content-Type-Options: nosniff

This prevents browsers from guessing the Content-Type, and since we're always making sure to serve with the known-correct content type, we don't need the browser to guess.

Change-Id: I02550d6763969f999ec22ec41e5539f945ea7ca4
---
 templates/src/lib.rs | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'templates/src')

diff --git a/templates/src/lib.rs b/templates/src/lib.rs
index 96bf592..d9fe86b 100644
--- a/templates/src/lib.rs
+++ b/templates/src/lib.rs
@@ -15,7 +15,7 @@ pub mod assets {
 use axum::response::{IntoResponse, Response};
 use axum::extract::Path;
 use axum::http::StatusCode;
- use axum::http::header::{CONTENT_TYPE, CONTENT_ENCODING, CACHE_CONTROL};
+ use axum::http::header::{CONTENT_TYPE, CONTENT_ENCODING, CACHE_CONTROL, X_CONTENT_TYPE_OPTIONS};
 
 const ASSETS: include_dir::Dir<'static> = include_dir::include_dir!("$OUT_DIR/");
 const CACHE_FOR_A_DAY: &str = "max-age=86400";
@@ -36,14 +36,20 @@ pub mod assets {
 match ASSETS.get_file(path.clone() + ".gz") {
 Some(file) => (StatusCode::OK,
- [(CONTENT_TYPE, content_type),
- (CONTENT_ENCODING, GZIP),
- (CACHE_CONTROL, CACHE_FOR_A_DAY)],
+ [
+ (CONTENT_TYPE, content_type),
+ (CONTENT_ENCODING, GZIP),
+ (CACHE_CONTROL, CACHE_FOR_A_DAY),
+ (X_CONTENT_TYPE_OPTIONS, "nosniff")
+ ],
 file.contents()).into_response(),
 None => match ASSETS.get_file(path) {
 Some(file) => (StatusCode::OK,
- [(CONTENT_TYPE, content_type),
- (CACHE_CONTROL, CACHE_FOR_A_DAY)],
+ [
+ (CONTENT_TYPE, content_type),
+ (CACHE_CONTROL, CACHE_FOR_A_DAY),
+ (X_CONTENT_TYPE_OPTIONS, "nosniff")
+ ],
 file.contents()).into_response(),
 None => StatusCode::NOT_FOUND.into_response()
 }
-- 
cgit 1.4.1
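Review bot: The `"nosniff"` literal is written out in both match arms of the second hunk while the neighbouring header values (`GZIP`, `CACHE_FOR_A_DAY`) are named constants; adding `const NOSNIFF: &str = "nosniff";` next to `CACHE_FOR_A_DAY` in the first hunk and using `(X_CONTENT_TYPE_OPTIONS, NOSNIFF)` in both arrays keeps the two response shapes from drifting apart. The header only delivers its protection when `content_type` is accurate, and that value is computed before the hunk begins (the enclosing handler starts outside it), so it is worth confirming that the fallback for an unrecognised extension is a non-executable type such as `application/octet-stream` rather than a text type, since `nosniff` makes browsers trust the declared type unconditionally. The `NOT_FOUND` arm and any responses produced outside this module do not carry the header; if the intent is site-wide coverage, a response-header layer on the router would apply it uniformly instead of per handler, which is likely what the commit message ("we're always making sure to serve with the known-correct content type") is assuming.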