13
3
Fork 0
Wiki Issues 89 resources competences Projects 8 Code Pull Requests Releases Activity
Browse Source

Disable content sniffing on `PlainTextBytes` (#18359) 

- Disable the browser's function to "sniff" for the content-type on the
provided plain text, this will prevent the possible usage of
user-controlled data being sent, which could be malicious.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
pull/18367/head
Gusted 3 years ago committed by GitHub
parent
6ad7a5376a
commit
27ee01e1e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      modules/context/context.go

1
modules/context/context.go
Unescape View File

@ -292,6 +292,7 @@ func (ctx *Context) PlainTextBytes(status int, bs []byte) {
} }
ctx.Resp.WriteHeader(status) ctx.Resp.WriteHeader(status)
ctx.Resp.Header().Set("Content-Type", "text/plain;charset=utf-8") ctx.Resp.Header().Set("Content-Type", "text/plain;charset=utf-8")
ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff")
if _, err := ctx.Resp.Write(bs); err != nil { if _, err := ctx.Resp.Write(bs); err != nil {
log.Error("Write bytes failed: %v", err) log.Error("Write bytes failed: %v", err)
} }

Write Preview
Loading…
Cancel
Save