always add X-Content-Type-Options: nosniff header
parent
f80035ac82
commit
c9a3af3756
|
@ -5,7 +5,7 @@ use actix_web::{
|
||||||
error,
|
error,
|
||||||
http::header::{
|
http::header::{
|
||||||
Accept, Charset, ContentDisposition, DispositionParam, DispositionType, ExtendedValue,
|
Accept, Charset, ContentDisposition, DispositionParam, DispositionType, ExtendedValue,
|
||||||
Header, HeaderValue, CONTENT_TYPE, VARY, X_CONTENT_TYPE_OPTIONS,
|
Header, HeaderValue, CONTENT_TYPE, VARY,
|
||||||
},
|
},
|
||||||
web, Error, HttpRequest, HttpResponse,
|
web, Error, HttpRequest, HttpResponse,
|
||||||
};
|
};
|
||||||
|
@ -176,9 +176,6 @@ fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
|
||||||
HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())
|
HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())
|
||||||
.expect("mime type can be encoded to header value"),
|
.expect("mime type can be encoded to header value"),
|
||||||
);
|
);
|
||||||
response
|
|
||||||
.headers_mut()
|
|
||||||
.insert(X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"));
|
|
||||||
}
|
}
|
||||||
// the reponse varies based on these request headers
|
// the reponse varies based on these request headers
|
||||||
response
|
response
|
||||||
|
|
|
@ -11,7 +11,7 @@ use crate::rate_limit::ForwardedPeerIpKeyExtractor;
|
||||||
use actix_files::Files;
|
use actix_files::Files;
|
||||||
use actix_governor::{Governor, GovernorConfigBuilder};
|
use actix_governor::{Governor, GovernorConfigBuilder};
|
||||||
use actix_web::{
|
use actix_web::{
|
||||||
http::header::{HeaderName, CONTENT_SECURITY_POLICY},
|
http::header::{HeaderName, HeaderValue, CONTENT_SECURITY_POLICY, X_CONTENT_TYPE_OPTIONS},
|
||||||
middleware::{self, DefaultHeaders, Logger},
|
middleware::{self, DefaultHeaders, Logger},
|
||||||
web::{self, Data},
|
web::{self, Data},
|
||||||
App, Error, HttpResponse, HttpServer,
|
App, Error, HttpResponse, HttpServer,
|
||||||
|
@ -69,7 +69,11 @@ async fn main() -> std::io::Result<()> {
|
||||||
move || {
|
move || {
|
||||||
let app = App::new()
|
let app = App::new()
|
||||||
.wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#))
|
.wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#))
|
||||||
.wrap(DefaultHeaders::new().add(DEFAULT_CSP))
|
.wrap(
|
||||||
|
DefaultHeaders::new()
|
||||||
|
.add(DEFAULT_CSP)
|
||||||
|
.add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"))),
|
||||||
|
)
|
||||||
.wrap(middleware::Compress::default())
|
.wrap(middleware::Compress::default())
|
||||||
.app_data(db.clone())
|
.app_data(db.clone())
|
||||||
.app_data(expiry_watch_sender.clone())
|
.app_data(expiry_watch_sender.clone())
|
||||||
|
|
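Review bot: With the explicit insert removed from `add_headers`, the `DefaultHeaders` wrap in `main` becomes the only source of `X-Content-Type-Options: nosniff`, and that middleware only decorates responses that come back as `Ok` from the inner service and leaves alone headers that are already present. A layer that short-circuits with an `Err` (possibly the `Governor` rate limiter imported in this file, depending on where it is wrapped, which is not visible here) could be rendered without the header, so an integration test asserting the header on a served upload, a static file and an error response would confirm the "always" in the commit title. A short comment above the wrap, e.g. `// nosniff is set here for every response; add_headers no longer sets it`, would keep that coupling visible to whoever edits either file next. The closure in `main` starts and ends outside the hunk.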