Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* (bug 15461) Make IE8 turn off content sniffing. Everbody else should ignore this

Browse source 
Adding X-Content-Type-Options: nosniff header in WebStart.php so that it's *always* set, even for alternate entry points and when $wgOut gets disabled or overridden.

Note that this of course doesn't apply to uploaded images and such loaded directly -- the usual caveats still apply.

Have not tested to confirm that this actually protects against sniffing errors -- please test on IE8 and IE9.
This commit is contained in:
Brion Vibber 2011-05-13 15:52:46 +00:00
parent ba564eeb7c
commit d5b4ce16dc
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
includes/WebStart.php
View file

@ -56,6 +56,11 @@ if ( ini_get( 'register_globals' ) ) {
}
}
# bug 15461: Make IE8 turn off content sniffing. Everbody else should ignore this
# We're adding it here so that it's *always* set, even for alternate entry
# points and when $wgOut gets disabled or overridden.
header( 'X-Content-Type-Options: nosniff' );
$wgRequestTime = microtime(true);
# getrusage() does not exist on the Microsoft Windows platforms, catching this
if ( function_exists ( 'getrusage' ) ) {