Add nosniff header

2018-01-09 11:04:02 +01:00 · 2018-01-09 11:04:02 +01:00 · 415253b1b1
parent d07b7e3773
commit 415253b1b1
3 changed files with 3 additions and 0 deletions
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@ -90,6 +90,7 @@ function page_headers() {
 	if ($adminer->headers()) {
 		header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
 		header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
+		header("X-Content-Type-Options: nosniff");
 		header("Referrer-Policy: origin-when-cross-origin");
 	}
 }
--- a/changes.txt
+++ b/changes.txt
@ -1,4 +1,5 @@
 Adminer 4.3.2-dev:
+Add nosniff header
 PHP 7.1: Prevent warning when using empty limit
 MySQL: Remove dedicated view for replication status (added in 4.3.0)
 PostgreSQL: Sort table names (regression from 4.3.1)
--- a/plugins/frames.php
+++ b/plugins/frames.php
@ -22,6 +22,7 @@ class AdminerFrames {
 			header("X-Frame-Options: SameOrigin");
 		}
 		header("X-XSS-Protection: 0");
+		header("X-Content-Type-Options: nosniff");
 		header("Referrer-Policy: origin-when-cross-origin");
 		return false;
 	}