always add X-Content-Type-Options: nosniff header

This commit is contained in:
neri 2022-08-24 10:32:51 +02:00
parent f80035ac82
commit c9a3af3756
2 changed files with 7 additions and 6 deletions


@ -5,7 +5,7 @@ use actix_web::{
error, error,
http::header::{ http::header::{
Accept, Charset, ContentDisposition, DispositionParam, DispositionType, ExtendedValue, Accept, Charset, ContentDisposition, DispositionParam, DispositionType, ExtendedValue,
Header, HeaderValue, CONTENT_TYPE, VARY, X_CONTENT_TYPE_OPTIONS, Header, HeaderValue, CONTENT_TYPE, VARY,
}, },
web, Error, HttpRequest, HttpResponse, web, Error, HttpRequest, HttpResponse,
}; };
@ -176,9 +176,6 @@ fn add_headers(req: &HttpRequest, download: bool, response: &mut HttpResponse) {
HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref()) HeaderValue::from_str(APPLICATION_OCTET_STREAM.as_ref())
.expect("mime type can be encoded to header value"), .expect("mime type can be encoded to header value"),
); );
response
.headers_mut()
.insert(X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"));
} }
// the reponse varies based on these request headers // the reponse varies based on these request headers
response response


@ -11,7 +11,7 @@ use crate::rate_limit::ForwardedPeerIpKeyExtractor;
use actix_files::Files; use actix_files::Files;
use actix_governor::{Governor, GovernorConfigBuilder}; use actix_governor::{Governor, GovernorConfigBuilder};
use actix_web::{ use actix_web::{
http::header::{HeaderName, CONTENT_SECURITY_POLICY}, http::header::{HeaderName, HeaderValue, CONTENT_SECURITY_POLICY, X_CONTENT_TYPE_OPTIONS},
middleware::{self, DefaultHeaders, Logger}, middleware::{self, DefaultHeaders, Logger},
web::{self, Data}, web::{self, Data},
App, Error, HttpResponse, HttpServer, App, Error, HttpResponse, HttpServer,
@ -69,7 +69,11 @@ async fn main() -> std::io::Result<()> {
move || { move || {
let app = App::new() let app = App::new()
.wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#)) .wrap(Logger::new(r#"%{r}a "%r" =%s %bbytes %Tsec"#))
.wrap(DefaultHeaders::new().add(DEFAULT_CSP)) .wrap(
DefaultHeaders::new()
.add(DEFAULT_CSP)
.add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff"))),
)
.wrap(middleware::Compress::default()) .wrap(middleware::Compress::default())
.app_data(db.clone()) .app_data(db.clone())
.app_data(expiry_watch_sender.clone()) .app_data(expiry_watch_sender.clone())
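Review bot: `DefaultHeaders` in actix-web only fills in headers that a response does not already carry, so the `.add((X_CONTENT_TYPE_OPTIONS, HeaderValue::from_static("nosniff")))` line guarantees the header only for handlers that never set `X-Content-Type-Options` themselves; the commit title promises "always", which this middleware cannot enforce on its own. A short comment on the wrap would make that contract visible to the next maintainer, e.g. `// DefaultHeaders never overwrites a header a handler already set; nosniff is a fallback, not an override`. It is also worth confirming, since the rest of the wrap chain is outside this hunk, that no middleware registered after this one (the rate limiter, if it is wrapped later and thus runs outside) can emit an error response that bypasses `DefaultHeaders` and therefore lacks the header. `main` begins and ends outside the hunk.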