serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-01-14 23:06:27 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not allow Go standard lib to sniff Content-Type header

Browse source
This commit is contained in:
Matthew Holt 2019-06-07 19:59:17 -06:00
parent 8947ae0cc1
commit ef5f29cfb2
2 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
modules/caddyhttp/fileserver/staticfiles.go
View file

@ -185,7 +185,10 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) error
// TODO: Etag // TODO: Etag
// TODO: Disable content-type sniffing by setting a content-type... // do not allow Go to sniff the content-type
if w.Header().Get("Content-Type") == "" {
w.Header()["Content-Type"] = nil
}
// let the standard library do what it does best; note, however, // let the standard library do what it does best; note, however,
// that errors generated by ServeContent are written immediately // that errors generated by ServeContent are written immediately

5
modules/caddyhttp/staticresp.go
View file

@ -39,6 +39,11 @@ func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
w.Header()[field] = vals w.Header()[field] = vals
} }
// do not allow Go to sniff the content-type
if w.Header().Get("Content-Type") == "" {
w.Header()["Content-Type"] = nil
}
// get the status code // get the status code
statusCode := s.StatusCode statusCode := s.StatusCode
if statusCode == 0 && s.StatusCodeStr != "" { if statusCode == 0 && s.StatusCodeStr != "" {