mirror of
https://github.com/go-gitea/gitea
synced 2024-11-16 15:01:07 +01:00
Disable content sniffing on PlainTextBytes
(#18359)
- Disable the browser's function to "sniff" for the content-type on the provided plain text, this will prevent the possible usage of user-controlled data being sent, which could be malicious. Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
parent
6ad7a5376a
commit
27ee01e1e8
1 changed files with 1 additions and 0 deletions
|
@ -292,6 +292,7 @@ func (ctx *Context) PlainTextBytes(status int, bs []byte) {
|
||||||
}
|
}
|
||||||
ctx.Resp.WriteHeader(status)
|
ctx.Resp.WriteHeader(status)
|
||||||
ctx.Resp.Header().Set("Content-Type", "text/plain;charset=utf-8")
|
ctx.Resp.Header().Set("Content-Type", "text/plain;charset=utf-8")
|
||||||
|
ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff")
|
||||||
if _, err := ctx.Resp.Write(bs); err != nil {
|
if _, err := ctx.Resp.Write(bs); err != nil {
|
||||||
log.Error("Write bytes failed: %v", err)
|
log.Error("Write bytes failed: %v", err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue