mirrors/firefish
1
0
Fork 1
mirror of https://git.joinfirefish.org/firefish/firefish.git synced 2024-05-18 13:11:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix (backend): set X-Content-Type-Options to nosniff on the drive files endpoint

Browse source
This commit is contained in:
Laura Hausmann 2024-04-01 03:21:41 +09:00 committed by naskya
parent 9086ef11ff
commit 88ca0e1621
No known key found for this signature in database
GPG key ID: 712D413B3A9FED5C
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
packages/backend/src/server/file/send-drive-file.ts
View file

@ -54,6 +54,8 @@ export default async function (ctx: Koa.Context) {
return;
}
ctx.set("X-Content-Type-Options", "nosniff");
const isThumbnail = file.thumbnailAccessKey === key;
const isWebpublic = file.webpublicAccessKey === key;