RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 10:28:10 +00:00
Code Issues Activity Actions

LibWeb: Support X-Content-Type-Options to opt out of MIME type sniffing

Browse source
This commit is contained in:
Brendan Coles 2021-05-19 13:37:36 +00:00 committed by Linus Groh
parent 0681086cad
commit 076cd58817
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Userland/Libraries/LibWeb/Loader/Resource.cpp
View file

@ -82,7 +82,12 @@ void Resource::did_load(Badge<ResourceLoader>, ReadonlyBytes data, const HashMap
dbgln_if(RESOURCE_DEBUG, "This is a data URL with mime-type _{}_", url().data_mime_type());
m_mime_type = url().data_mime_type();
} else {
m_mime_type = Core::guess_mime_type_based_on_filename(url().path());
auto content_type_options = headers.get("X-Content-Type-Options");
if (content_type_options.value_or("").equals_ignoring_case("nosniff")) {
m_mime_type = "text/plain";
} else {
m_mime_type = Core::guess_mime_type_based_on_filename(url().path());
}
}
m_encoding = {};