marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Console: Add X-Content-Type-Options header everywhere (ticket #1763)

Browse Source
This commit is contained in:
zzz
2016-02-25 14:56:06 +00:00
parent a79b25d7b1
commit 248deaecbb
22 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
apps/susidns/src/jsp/addressbook.jsp
View File

@@ -30,6 +30,7 @@
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/config.jsp
View File

@@ -30,6 +30,7 @@
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/details.jsp
View File

@@ -27,6 +27,7 @@
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/export.jsp
View File

@@ -23,6 +23,7 @@
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<%@page pageEncoding="UTF-8"%>
<%@page trimDirectiveWhitespaces="true"%>

1
apps/susidns/src/jsp/index.jsp
View File

@@ -30,6 +30,7 @@
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<%@page pageEncoding="UTF-8"%>

1
apps/susidns/src/jsp/subscriptions.jsp
View File

@@ -30,6 +30,7 @@
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<%@page pageEncoding="UTF-8"%>