From 4a409fabf5477976ddf59239521d6b77d43711e3 Mon Sep 17 00:00:00 2001
From: Rodrigo Quelca
Date: Thu, 18 Nov 2021 18:33:53 +0000
Subject: [PATCH] PMCORE-3474: X-Content-Type-Options Header Missing - Telefonica of Guatemala Security Analysis (Issue Rep# 11) code style solve code review notes
---
 gulliver/system/class.bootstrap.php | 3 ++-
 gulliver/system/class.g.php | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php
index f2250c7c9..e2c1ca36f 100644
--- a/gulliver/system/class.bootstrap.php
+++ b/gulliver/system/class.bootstrap.php
@@ -806,6 +806,7 @@ class Bootstrap
 public static function streamCSSBigFile($filename)
 {
 header('Content-Type: text/css');
+ header('X-Content-Type-Options: nosniff');
 //First get Skin info
 $filenameParts = explode("-", $filename);
@@ -969,7 +970,7 @@ class Bootstrap
 header('Content-Disposition: attachment; filename="' . $downloadFileName . '"');
 }
 header('Content-Type: ' . $contentType);
-
+ header('X-Content-Type-Options: nosniff');
 // if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE
 // behaivor.
 $userAgent = strtolower($_SERVER ['HTTP_USER_AGENT']);
diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index e72afb64f..05653aee3 100644
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -947,7 +947,7 @@ class G
 public static function streamCSSBigFile($filename)
 {
 header('Content-Type: text/css');
-
+ header('X-Content-Type-Options: nosniff');
 //First get Skin info
 $filenameParts = explode("-", $filename);
 $skinName = $filenameParts[0];
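Review bot: Sending `X-Content-Type-Options: nosniff` from inside `streamCSSBigFile()` covers only the responses that pass through this function, and the other three hunks repeat the same per-call-site pattern (the file-streaming branch at line 970 of `class.bootstrap.php` and both functions in `class.g.php`). Responses produced elsewhere, presumably ordinary pages, API replies and error pages that are not visible in this patch, would still be reported as missing the header. Consider setting it once for every response, in the front controller or in the web server configuration (for Apache, `Header always set X-Content-Type-Options "nosniff"`), and keeping these calls only as a fallback. The function body continues outside the hunk.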
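Review bot: With `nosniff` sent right after `header('Content-Type: ' . $contentType);` in the hunk at line 970, the browser no longer corrects a wrong declared type, so `$contentType` has to be accurate for every file this branch serves. `$contentType` is assigned outside the hunk; if it can be empty or a generic fallback for unknown extensions, scripts and stylesheets served here will be refused, and anything declared as `text/html` is still rendered as HTML. I would check the fallback value and add a comment above the new line such as `// nosniff makes $contentType authoritative: keep the extension map complete, default to application/octet-stream`. The same applies to the matching hunk in `class.g.php` at line 1252.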
@@ -1252,7 +1252,7 @@ class G
 header('Content-Disposition: inline; filename="' . $downloadFileName . '"');
 }
 header('Content-Type: ' . $contentType);
-
+ header('X-Content-Type-Options: nosniff');
 //if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE behaivor.
 $userAgent = strtolower($_SERVER['HTTP_USER_AGENT']);
 if (preg_match("/msie/i", $userAgent)) {