author | Micah Anderson <micah@riseup.net> | 2016-10-24 11:29:59 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2016-10-24 11:29:59 -0400 |
commit | 53ddc64b6aa98653b35b23c334df605ed26ea60b (patch) | |
tree | 721a8d822eebe03e7579d01440845ce34ab038ac /puppet | |
parent | 15f8dd13c6d26fa1ad0d06d3ea03e8df260224db (diff) |
Set X-Content-Type-Options nosniff.
Setting this header will prevent the browser from interpreting files as
something else than declared by the content type in the HTTP
headers. This will prevent the browser from MIME-sniffing a response
away from the declared content-type.
When this is not set, older versions of Internet Explorer and Chrome
perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other
than the declared content type.
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index bfa5d04d..5e27a9e4 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -23,6 +23,7 @@ Listen 0.0.0.0:<%= @api_port %> <% end -%> Header always unset X-Powered-By Header always unset X-Runtime + Header always set X-Content-Type-Options: nosniff </IfModule> DocumentRoot /srv/leap/webapp/public |
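Review bot: the added line `Header always set X-Content-Type-Options: nosniff` writes the header name with a trailing colon, while the two `Header always unset` lines directly above it name their headers without one. mod_headers accepts the optional final colon, so the directive works as written, but `Header always set X-Content-Type-Options nosniff` would match the style of the rest of the block. The new line also sits inside the `<IfModule>` block that closes right after it (its opening line is outside the hunk), so the header is silently not sent if that module is not loaded; it is worth confirming on a deployed node that API responses actually carry `X-Content-Type-Options: nosniff`. The diffstat shows only `api.conf.erb` changed, so the commit message could say whether limiting the header to the API vhost is intentional.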