set X-Content-Type-Options to nosniff on serve

2017-06-14 13:11:42 -07:00 · 2017-06-14 13:11:42 -07:00 · 86a0417947
commit 86a0417947
parent 2908df42de
1 changed files with 4 additions and 1 deletions
--- a/routes/serve-routes.js
+++ b/routes/serve-routes.js
@ -1,7 +1,10 @@
 function serveFile(fileInfo, res){
 	var options = {
 		root: fileInfo.directory,
-		headers: { "Content-Type": fileInfo.contentType}
+		headers: { 
+			"X-Content-Type-Options": "nosniff",
+			"Content-Type": fileInfo.contentType
+		}
 	};
 	switch (fileInfo.contentType){
 		case "image/jpeg":