Set Content-Type nosniff for all downloads

This commit is contained in:
Sebastian Serth
2023-12-22 00:53:08 +01:00
committed by Sebastian Serth
parent 8fd5829110
commit 79faefde5a
4 changed files with 7 additions and 5 deletions

View File

@ -463,11 +463,6 @@ class SubmissionsController < ApplicationController
@files = @submission.collect_files.select(&:visible)
end
def set_content_type_nosniff
# When sending a file, we want to ensure that browsers follow our Content-Type header
response.headers['X-Content-Type-Options'] = 'nosniff'
end
def set_submission
@submission = Submission.find(params[:id])
authorize!