From 41cb218aa8b3b703c9c6bd3d4573977dcfe82717 Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Wed, 27 Mar 2024 13:31:53 +0100
Subject: [PATCH] [backend] Set X-Content-Type-Options to nosniff on the drive files endpoint
---
 packages/backend/src/server/file/send-drive-file.ts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/packages/backend/src/server/file/send-drive-file.ts b/packages/backend/src/server/file/send-drive-file.ts
index 087736902..2482f0ce6 100644
--- a/packages/backend/src/server/file/send-drive-file.ts
+++ b/packages/backend/src/server/file/send-drive-file.ts
@@ -49,6 +49,8 @@ export default async function (ctx: Koa.Context) {
 return;
 }
 
+ ctx.set("X-Content-Type-Options", "nosniff");
+
 const isThumbnail = file.thumbnailAccessKey === key;
 const isWebpublic = file.webpublicAccessKey === key;
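Review bot: The added `ctx.set("X-Content-Type-Options", "nosniff");` sits after the early `return;` guard at the top of the hunk, so whatever response that path (and any earlier exit outside the hunk) produces goes out without the header; making it the first statement of the handler would cover every exit. The handler starts and ends outside the hunk, so this is inferred from the visible guard only. `nosniff` only makes the browser honour the declared `Content-Type`, so it does not help when an uploaded file's stored type is itself active content such as `text/html` or `image/svg+xml`; it is worth confirming that the code below restricts those types or forces a download for them. A short comment would record the intent, e.g. `// Drive files are user-supplied: forbid MIME sniffing so the declared Content-Type is authoritative`.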