diff options
| author | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-07 19:59:17 -0600 |
|---|---|---|
| committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-07 19:59:25 -0600 |
| commit | ef5f29cfb257c7503763a4b16947c4eb6a7864c3 (patch) | |
| tree | 2bceddc23e11434e1bbf7361adf045ec52b12c52 /modules/caddyhttp/staticresp.go | |
| parent | 8947ae0cc1babf2ca6f8e01aa93cb13eebb3e854 (diff) | |
Do not allow Go standard lib to sniff Content-Type header
Diffstat (limited to 'modules/caddyhttp/staticresp.go')
| -rw-r--r-- | modules/caddyhttp/staticresp.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go index 091cf3a..ad59681 100644 --- a/modules/caddyhttp/staticresp.go +++ b/modules/caddyhttp/staticresp.go @@ -39,6 +39,11 @@ func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error { w.Header()[field] = vals } + // do not allow Go to sniff the content-type + if w.Header().Get("Content-Type") == "" { + w.Header()["Content-Type"] = nil + } + // get the status code statusCode := s.StatusCode if statusCode == 0 && s.StatusCodeStr != "" { |