From a032c0e99924c190cee21a8cf75281430d3b89b2 Mon Sep 17 00:00:00 2001
From: yejianguo <yejianguolee@gmail.com>
Date: Fri, 6 Nov 2015 18:28:10 +0800
Subject: [PATCH] [access file] add nosniff X-Content-Type-Options header

---
 server/access-file.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/access-file.c b/server/access-file.c
index f907dce3d..a7fca5be0 100644
--- a/server/access-file.c
+++ b/server/access-file.c
@@ -107,7 +107,6 @@ extern SeafileSession *seaf;
 
 static struct file_type_map ftmap[] = {
     { "txt", "text/plain" },
-    { "html", "text/html" },
     { "doc", "application/vnd.ms-word" },
     { "docx", "application/vnd.ms-word" },
     { "ppt", "application/vnd.ms-powerpoint" },
@@ -594,6 +593,10 @@ do_file(evhtp_request_t *req, SeafRepo *repo, const char *file_id,
                              evhtp_header_new("Content-Disposition", cont_filename,
                                               1, 1));
 
+    evhtp_headers_add_header(req->headers_out,
+                             evhtp_header_new("X-Content-Type-Options", "nosniff",
+                                              1, 1));
+
     /* If it's an empty file, send an empty reply. */
     if (file->n_blocks == 0) {
         evhtp_send_reply (req, EVHTP_RES_OK);
@@ -936,6 +939,9 @@ do_file_range (evhtp_request_t *req, SeafRepo *repo, const char *file_id,
 
     set_resp_disposition (req, operation, filename);
 
+    evhtp_headers_add_header(req->headers_out,
+                             evhtp_header_new("X-Content-Type-Options", "nosniff",
+                                              1, 1));
     data = g_new0 (SendFileRangeData, 1);
     if (!data) {
         seafile_unref (file);