forked from I2P_Developers/i2p.i2p
Console: Add X-Content-Type-Options header everywhere (ticket #1763)
This commit is contained in:
@@ -30,6 +30,7 @@
|
||||
response.setHeader("X-Frame-Options", "SAMEORIGIN");
|
||||
response.setHeader("Content-Security-Policy", "default-src 'self'");
|
||||
response.setHeader("X-XSS-Protection", "1; mode=block");
|
||||
response.setHeader("X-Content-Type-Options", "nosniff");
|
||||
|
||||
%>
|
||||
<%@page pageEncoding="UTF-8"%>
|
||||
|
@@ -30,6 +30,7 @@
|
||||
response.setHeader("X-Frame-Options", "SAMEORIGIN");
|
||||
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
|
||||
response.setHeader("X-XSS-Protection", "1; mode=block");
|
||||
response.setHeader("X-Content-Type-Options", "nosniff");
|
||||
|
||||
%>
|
||||
<%@page pageEncoding="UTF-8"%>
|
||||
|
@@ -27,6 +27,7 @@
|
||||
response.setHeader("X-Frame-Options", "SAMEORIGIN");
|
||||
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
|
||||
response.setHeader("X-XSS-Protection", "1; mode=block");
|
||||
response.setHeader("X-Content-Type-Options", "nosniff");
|
||||
|
||||
%>
|
||||
<%@page pageEncoding="UTF-8"%>
|
||||
|
@@ -23,6 +23,7 @@
|
||||
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
|
||||
if (request.getCharacterEncoding() == null)
|
||||
request.setCharacterEncoding("UTF-8");
|
||||
response.setHeader("X-Content-Type-Options", "nosniff");
|
||||
%>
|
||||
<%@page pageEncoding="UTF-8"%>
|
||||
<%@page trimDirectiveWhitespaces="true"%>
|
||||
|
@@ -30,6 +30,7 @@
|
||||
response.setHeader("X-Frame-Options", "SAMEORIGIN");
|
||||
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
|
||||
response.setHeader("X-XSS-Protection", "1; mode=block");
|
||||
response.setHeader("X-Content-Type-Options", "nosniff");
|
||||
|
||||
%>
|
||||
<%@page pageEncoding="UTF-8"%>
|
||||
|
@@ -30,6 +30,7 @@
|
||||
response.setHeader("X-Frame-Options", "SAMEORIGIN");
|
||||
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
|
||||
response.setHeader("X-XSS-Protection", "1; mode=block");
|
||||
response.setHeader("X-Content-Type-Options", "nosniff");
|
||||
|
||||
%>
|
||||
<%@page pageEncoding="UTF-8"%>
|
||||
|
Reference in New Issue
Block a user