LibWeb: Support X-Content-Type-Options to opt out of MIME type sniffing

author: Brendan Coles <bcoles@gmail.com> 2021-05-19 13:37:36 +0000
committer: Linus Groh <mail@linusgroh.de> 2021-05-19 18:10:43 +0100
commit: 076cd588177dec21161fa3e53222c17fd7626aa6 (patch)
tree: cdab96bbd80dc2f5c11a40179328f68afbd41c74 /Userland/Libraries/LibWeb/Loader
parent: 0681086cad9ca3ec5cf720f2e5355af7611949a8 (diff)
download: serenity-076cd588177dec21161fa3e53222c17fd7626aa6.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/Userland/Libraries/LibWeb/Loader/Resource.cpp b/Userland/Libraries/LibWeb/Loader/Resource.cpp
index a63ed7a332..09ebeafe9c 100644
--- a/Userland/Libraries/LibWeb/Loader/Resource.cpp
+++ b/Userland/Libraries/LibWeb/Loader/Resource.cpp
@@ -82,7 +82,12 @@ void Resource::did_load(Badge<ResourceLoader>, ReadonlyBytes data, const HashMap
         dbgln_if(RESOURCE_DEBUG, "This is a data URL with mime-type _{}_", url().data_mime_type());
         m_mime_type = url().data_mime_type();
     } else {
-        m_mime_type = Core::guess_mime_type_based_on_filename(url().path());
+        auto content_type_options = headers.get("X-Content-Type-Options");
+        if (content_type_options.value_or("").equals_ignoring_case("nosniff")) {
+            m_mime_type = "text/plain";
+        } else {
+            m_mime_type = Core::guess_mime_type_based_on_filename(url().path());
+        }
     }
 
     m_encoding = {};
author	Brendan Coles <bcoles@gmail.com>	2021-05-19 13:37:36 +0000
committer	Linus Groh <mail@linusgroh.de>	2021-05-19 18:10:43 +0100
commit	076cd588177dec21161fa3e53222c17fd7626aa6 (patch)
tree	cdab96bbd80dc2f5c11a40179328f68afbd41c74 /Userland/Libraries/LibWeb/Loader
parent	0681086cad9ca3ec5cf720f2e5355af7611949a8 (diff)
download	serenity-076cd588177dec21161fa3e53222c17fd7626aa6.zip