From ef5f29cfb257c7503763a4b16947c4eb6a7864c3 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Fri, 7 Jun 2019 19:59:17 -0600
Subject: Do not allow Go standard lib to sniff Content-Type header

---
 modules/caddyhttp/staticresp.go | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'modules/caddyhttp/staticresp.go')

diff --git a/modules/caddyhttp/staticresp.go b/modules/caddyhttp/staticresp.go
index 091cf3a..ad59681 100644
--- a/modules/caddyhttp/staticresp.go
+++ b/modules/caddyhttp/staticresp.go
@@ -39,6 +39,11 @@ func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
 		w.Header()[field] = vals
 	}
 
+	// do not allow Go to sniff the content-type
+	if w.Header().Get("Content-Type") == "" {
+		w.Header()["Content-Type"] = nil
+	}
+
 	// get the status code
 	statusCode := s.StatusCode
 	if statusCode == 0 && s.StatusCodeStr != "" {
-- 
cgit v1.2.3