This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

added X-Content-Type-Options: nosniff, fixes #2219
dannycoates committed Mar 31, 2017
1 parent 93c411c commit 8d76ab0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions server/src/server.js
Expand Up @@ -188,6 +188,7 @@ app.use((req, res, next) => {
"Content-Security-Policy",
`default-src 'self'; img-src 'self' www.google-analytics.com ${CONTENT_NAME} data:; script-src 'self' www.google-analytics.com 'nonce-${uuid}'; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net; connect-src 'self' www.google-analytics.com ${dsn}; font-src https://code.cdn.mozilla.net;`);
res.header("X-Frame-Options", "DENY");
res.header("X-Content-Type-Options", "nosniff");
addHSTS(req, res);
next();
} else {
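Review bot: The new `res.header("X-Content-Type-Options", "nosniff");` sits inside the branch that closes at `} else {`, so a response produced by the else path will not carry it unless that path sets it separately. The branch condition and the else body are outside the hunk, so this needs confirming against the full middleware. It matters because nosniff is most useful on responses whose body is user-supplied or served from the content origin (`${CONTENT_NAME}` in the CSP), where MIME sniffing could let stored data be interpreted as script. If every response is meant to have it, set the header once above the `if` rather than in one arm. Also check that static routes send correct `Content-Type` values, since with nosniff browsers refuse scripts and stylesheets served with the wrong type.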
