8261b1b72e
MediaWiki already sets this header unconditionally on all requests, but images are served directly by the webserver. We want to remove the IEContentAnalyzer, which currently provides protection against uploading problematic files, so instead we are going to recommend setting this header to instruct browsers to not sniff. Per pingback data, ~83% of reporting installs use Apache. This was suggested by Taavi. Bug: T309787 Change-Id: I8a0c50cc0a8bc037f4c9b0a114f87793446aed7f
10 lines
232 B
ApacheConf
10 lines
232 B
ApacheConf
<IfModule headers_module>
|
|
Header set X-Content-Type-Options nosniff
|
|
</IfModule>
|
|
<IfModule php7_module>
|
|
php_flag engine off
|
|
</IfModule>
|
|
# In php8, php dropped the version number.
|
|
<IfModule php_module>
|
|
php_flag engine off
|
|
</IfModule>
|