changeset 5463:8f1a0ba5c759

fix
author Alain Mazy <am@osimis.io>
date Tue, 12 Dec 2023 14:24:30 +0100
parents 505416b269a0
children 2829889bfa57 68e9f7815fb8
files OrthancFramework/Sources/HttpServer/HttpOutput.cpp
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
--- a/OrthancFramework/Sources/HttpServer/HttpOutput.cpp	Tue Dec 12 10:13:49 2023 +0100
+++ b/OrthancFramework/Sources/HttpServer/HttpOutput.cpp	Tue Dec 12 14:24:30 2023 +0100
@@ -178,6 +178,9 @@
 
     if (state_ == State_WritingHeader)
     {
+      // always include this header to prevent MIME Confusion attacks: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-content-type-options
+      AddHeader("X-Content-Type-Options", "nosniff");
+
       // Send the HTTP header before writing the body
 
       stream_.OnHttpStatusReceived(status_);
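Review bot: The `nosniff` header is now attached only when a response passes through this `if (state_ == State_WritingHeader)` block, so any other path in HttpOutput.cpp that writes response headers itself would go out without it, although the new comment says "always". No such path is visible here, and the enclosing function starts and ends outside the hunk, so it is worth confirming which answer types reach this block and adding a test that checks for `X-Content-Type-Options` on each of them. If `AddHeader` appends rather than replaces, a handler that had already set the same header would produce a duplicate line; a short comment such as `// added at send time rather than in the constructor; callers should not set it themselves` would record that contract. The header only helps when the `Content-Type` sent with it is accurate, so responses with a missing or generic type deserve the same check.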
@@ -318,8 +321,6 @@
     isDeflateAllowed_(false),
     isGzipAllowed_(false)
   {
-    // prevent MIME Confusion attacks: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-content-type-options
-    stateMachine_.AddHeader("X-Content-Type-Options", "nosniff");
   }
 
   void HttpOutput::SetDeflateAllowed(bool allowed)