always add X-Content-Type-Options: nosniff header
This commit is contained in:
parent
4496335f50
commit
4ea8797149
|
@ -6,7 +6,7 @@ use actix_web::{
|
|||
http::header::{
|
||||
Accept, CacheControl, CacheDirective, Charset, ContentDisposition, DispositionParam,
|
||||
DispositionType, Expires, ExtendedValue, Header, HeaderValue, HttpDate, TryIntoHeaderValue,
|
||||
ACCEPT, CACHE_CONTROL, CONTENT_TYPE, EXPIRES, VARY, X_CONTENT_TYPE_OPTIONS,
|
||||
ACCEPT, CACHE_CONTROL, CONTENT_TYPE, EXPIRES, VARY,
|
||||
},
|
||||
web, Error, HttpRequest, HttpResponse,
|
||||
};
|
||||
|
@ -183,9 +183,6 @@ fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
|
|||
HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())
|
||||
.expect("mime type can be encoded to header value"),
|
||||
);
|
||||
response
|
||||
.headers_mut()
|
||||
.insert(X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"));
|
||||
}
|
||||
// the reponse varies based on these request headers
|
||||
response
|
||||
|
|
|
@ -11,7 +11,7 @@ use crate::rate_limit::ForwardedPeerIpKeyExtractor;
|
|||
use actix_files::Files;
|
||||
use actix_governor::{Governor, GovernorConfigBuilder};
|
||||
use actix_web::{
|
||||
http::header::{HeaderName, CONTENT_SECURITY_POLICY},
|
||||
http::header::{HeaderName, HeaderValue, CONTENT_SECURITY_POLICY, X_CONTENT_TYPE_OPTIONS},
|
||||
middleware::{self, DefaultHeaders, Logger},
|
||||
web::{self, Data},
|
||||
App, Error, HttpResponse, HttpServer,
|
||||
|
@ -69,7 +69,11 @@ async fn main() -> std::io::Result<()> {
|
|||
move || {
|
||||
let app = App::new()
|
||||
.wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#))
|
||||
.wrap(DefaultHeaders::new().add(DEFAULT_CSP))
|
||||
.wrap(
|
||||
DefaultHeaders::new()
|
||||
.add(DEFAULT_CSP)
|
||||
.add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"))),
|
||||
)
|
||||
.wrap(middleware::Compress::default())
|
||||
.app_data(db.clone())
|
||||
.app_data(expiry_watch_sender.clone())
|
||||
|
|
Loading…
Reference in New Issue