From 551fe100edccdf3809e2e475542292f552dc6e72 Mon Sep 17 00:00:00 2001
From: clsr <clsr@clsr.net>
Date: Fri, 1 Jul 2016 01:08:12 +0200
Subject: Add X-Content-Type-Options: nosniff header

---
 api.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/api.go b/api.go
index e580bed..2e5229b 100644
--- a/api.go
+++ b/api.go
@@ -36,6 +36,7 @@ func handleFile(w http.ResponseWriter, r *http.Request) {
 	if csp != "" {
 		w.Header().Set("Content-Security-Policy", csp)
 	}
+	w.Header().Set("X-Content-Type-Options", "nosniff")
 	w.Header().Set("Last-Modified", modtime.UTC().Format(http.TimeFormat))
 	w.Header().Set("Expires", modtime.UTC().Add(time.Hour*24*30).Format(http.TimeFormat))
 	w.Header().Set("Cache-Control", "max-age=2592000")
-- 
cgit