From 44be16d4fbc78c14f8ea17160585ed1bec0c8722 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 8 Mar 2016 18:28:04 +0100
Subject: X-Content-Type-Options: nosniff

https://github.com/FreshRSS/FreshRSS/issues/1114
---
 app/FreshRSS.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'app/FreshRSS.php')

diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index d6f4f4062..bafa970da 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -122,6 +122,7 @@ class FreshRSS extends Minz_FrontController {
 				header("Content-Security-Policy: default-src 'self'");
 				break;
 		}
+		header("X-Content-Type-Options: nosniff");
 	}
 
 	private function loadNotifications() {
-- 
cgit v1.2.3