PMCORE-3474: X-Content-Type-Options Header Missing - Telefonica of Guatemala Security Analysis (Issue Rep# 11)

code style

solve code review notes
Rodrigo Quelca
2021-11-18 18:33:53 +00:00
parent 90948c3473
commit 4a409fabf5
2 changed files with 4 additions and 3 deletions


@@ -806,6 +806,7 @@ class Bootstrap
public static function streamCSSBigFile($filename) public static function streamCSSBigFile($filename)
{ {
header('Content-Type: text/css'); header('Content-Type: text/css');
header('X-Content-Type-Options: nosniff');
//First get Skin info //First get Skin info
$filenameParts = explode("-", $filename); $filenameParts = explode("-", $filename);
@@ -969,7 +970,7 @@ class Bootstrap
header('Content-Disposition: attachment; filename="' . $downloadFileName . '"'); header('Content-Disposition: attachment; filename="' . $downloadFileName . '"');
} }
header('Content-Type: ' . $contentType); header('Content-Type: ' . $contentType);
header('X-Content-Type-Options: nosniff');
// if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE // if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE
// behaivor. // behaivor.
$userAgent = strtolower($_SERVER ['HTTP_USER_AGENT']); $userAgent = strtolower($_SERVER ['HTTP_USER_AGENT']);
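Review bot: With `header('X-Content-Type-Options: nosniff');` added right after `header('Content-Type: ' . $contentType);` in the second hunk, the declared type becomes authoritative, so an empty or generic `$contentType` will make browsers refuse scripts and stylesheets served through this path. `$contentType` is computed outside the hunk, and the enclosing function starts and ends outside it. It is worth confirming that every served extension maps to its real MIME type and that unknown ones fall back to `application/octet-stream`. I would add a comment above the new line: `// nosniff: browsers will not guess the type, so $contentType must be the file's real MIME type`. The first hunk is not affected, since `text/css` is fixed there.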


@@ -947,7 +947,7 @@ class G
public static function streamCSSBigFile($filename) public static function streamCSSBigFile($filename)
{ {
header('Content-Type: text/css'); header('Content-Type: text/css');
header('X-Content-Type-Options: nosniff');
//First get Skin info //First get Skin info
$filenameParts = explode("-", $filename); $filenameParts = explode("-", $filename);
$skinName = $filenameParts[0]; $skinName = $filenameParts[0];
@@ -1252,7 +1252,7 @@ class G
header('Content-Disposition: inline; filename="' . $downloadFileName . '"'); header('Content-Disposition: inline; filename="' . $downloadFileName . '"');
} }
header('Content-Type: ' . $contentType); header('Content-Type: ' . $contentType);
header('X-Content-Type-Options: nosniff');
//if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE behaivor. //if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE behaivor.
$userAgent = strtolower($_SERVER['HTTP_USER_AGENT']); $userAgent = strtolower($_SERVER['HTTP_USER_AGENT']);
if (preg_match("/msie/i", $userAgent)) { if (preg_match("/msie/i", $userAgent)) {
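Review bot: The literal `header('X-Content-Type-Options: nosniff');` appears in both hunks of this section and, counting the matching hunks in the `Bootstrap` section, four times in total, yet it only covers responses that pass through `streamCSSBigFile` and the file-streaming function. If the reported finding concerns responses in general, pages produced by other code paths may still lack the header; whether they set it elsewhere is not visible on this page. Sending it from one shared place, such as a single helper both classes call or the web server configuration, would keep `Bootstrap` and `G` from drifting apart and would cover every response. The function in the second hunk starts and ends outside the hunk.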