From ef5f29cfb257c7503763a4b16947c4eb6a7864c3 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 7 Jun 2019 19:59:17 -0600 Subject: Do not allow Go standard lib to sniff Content-Type header --- modules/caddyhttp/fileserver/staticfiles.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'modules/caddyhttp/fileserver/staticfiles.go') diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 86704fa..d094406 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -185,7 +185,10 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) error // TODO: Etag - // TODO: Disable content-type sniffing by setting a content-type... + // do not allow Go to sniff the content-type + if w.Header().Get("Content-Type") == "" { + w.Header()["Content-Type"] = nil + } // let the standard library do what it does best; note, however, // that errors generated by ServeContent are written immediately -- cgit v1.2.3