author | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-07 19:59:17 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2019-06-07 19:59:25 -0600 |
commit | ef5f29cfb257c7503763a4b16947c4eb6a7864c3 (patch) | |
tree | 2bceddc23e11434e1bbf7361adf045ec52b12c52 /modules | |
parent | 8947ae0cc1babf2ca6f8e01aa93cb13eebb3e854 (diff) |
Do not allow Go standard lib to sniff Content-Type header
Diffstat (limited to 'modules')
-rw-r--r-- | modules/caddyhttp/fileserver/staticfiles.go | 5 | ||||
-rw-r--r-- | modules/caddyhttp/staticresp.go | 5 |
2 files changed, 9 insertions, 1 deletions
diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go
index 86704fa..d094406 100644
--- a/modules/caddyhttp/fileserver/staticfiles.go
+++ b/modules/caddyhttp/fileserver/staticfiles.go
@@ -185,7 +185,10 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) error
 // TODO: Etag
- // TODO: Disable content-type sniffing by setting a content-type...
+ // do not allow Go to sniff the content-type
+ if w.Header().Get("Content-Type") == "" {
+ w.Header()["Content-Type"] = nil
+ }
 // let the standard library do what it does best; note, however,
 // that errors generated by ServeContent are written immediately
diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go
index 091cf3a..ad59681 100644
--- a/modules/caddyhttp/staticresp.go
+++ b/modules/caddyhttp/staticresp.go
@@ -39,6 +39,11 @@ func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
 w.Header()[field] = vals
 }
+ // do not allow Go to sniff the content-type
+ if w.Header().Get("Content-Type") == "" {
+ w.Header()["Content-Type"] = nil
+ }
+
 // get the status code
 statusCode := s.StatusCode
 if statusCode == 0 && s.StatusCodeStr != "" { |
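Review bot: The nil entry added ahead of the ServeContent call in FileServer.ServeHTTP switches off more than sniffing. http.ServeContent only looks up a type from the file extension when the Content-Type key is absent from the header map, so with the key present (even as nil) files would go out with no Content-Type at all and the client is left to guess. I would resolve the type from the extension first and keep the nil entry only as the fallback when that lookup is empty. This needs `mime` and `path/filepath` in the file's imports, and `filename` in the sketch is a placeholder for whatever variable holds the served path, which is outside the hunk. ServeHTTP's body starts and ends outside the hunk.

```go
// set the type from the file extension ourselves: a present
// Content-Type key also makes ServeContent skip its own lookup
if w.Header().Get("Content-Type") == "" {
	// filename: placeholder for the path being served
	if ctype := mime.TypeByExtension(filepath.Ext(filename)); ctype != "" {
		w.Header().Set("Content-Type", ctype)
	} else {
		// unknown extension: keep the key present so Go does not sniff
		w.Header()["Content-Type"] = nil
	}
}
// … unchanged: comment and ServeContent call …
```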
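Review bot: The comment on the block added to Static.ServeHTTP does not say why a nil value works or what it leaves open. net/http skips DetectContentType whenever the Content-Type key exists in the header map, so the response is then sent with no Content-Type and a browser may still sniff the body on its own. I would expand the comment to `// a present-but-nil Content-Type key stops net/http from calling DetectContentType; the response then carries no Content-Type` and, if no other layer already sets it (not visible here), add `w.Header().Set("X-Content-Type-Options", "nosniff")` inside the same `if`. The function body continues past the end of the hunk.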