apunkt/imageproxy
1
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2026-04-29 23:06:24 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Disable browser MIME confusion attacks via content-type sniffing

Browse source
This commit is contained in:
Blake Stoddard 2020-10-16 09:58:17 -04:00 committed by Will Norris
parent c6206ea30c
commit c08b3c505a
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
imageproxy.go
View file

@ -255,6 +255,9 @@ func (p *Proxy) serveImage(w http.ResponseWriter, r *http.Request) {
// Add a Content-Security-Policy to prevent stored-XSS attacks via SVG files
w.Header().Set("Content-Security-Policy", "script-src 'none'")
// Disable Content-Type sniffing
w.Header().Set("X-Content-Type-Options", "nosniff")
w.WriteHeader(resp.StatusCode)
if _, err := io.Copy(w, resp.Body); err != nil {
p.logf("error copying response: %v", err)