From 076cd588177dec21161fa3e53222c17fd7626aa6 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Wed, 19 May 2021 13:37:36 +0000
Subject: LibWeb: Support X-Content-Type-Options to opt out of MIME type
 sniffing

---
 Userland/Libraries/LibWeb/Loader/Resource.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'Userland/Libraries/LibWeb/Loader')

diff --git a/Userland/Libraries/LibWeb/Loader/Resource.cpp b/Userland/Libraries/LibWeb/Loader/Resource.cpp
index a63ed7a332..09ebeafe9c 100644
--- a/Userland/Libraries/LibWeb/Loader/Resource.cpp
+++ b/Userland/Libraries/LibWeb/Loader/Resource.cpp
@@ -82,7 +82,12 @@ void Resource::did_load(Badge<ResourceLoader>, ReadonlyBytes data, const HashMap
         dbgln_if(RESOURCE_DEBUG, "This is a data URL with mime-type _{}_", url().data_mime_type());
         m_mime_type = url().data_mime_type();
     } else {
-        m_mime_type = Core::guess_mime_type_based_on_filename(url().path());
+        auto content_type_options = headers.get("X-Content-Type-Options");
+        if (content_type_options.value_or("").equals_ignoring_case("nosniff")) {
+            m_mime_type = "text/plain";
+        } else {
+            m_mime_type = Core::guess_mime_type_based_on_filename(url().path());
+        }
     }
 
     m_encoding = {};
-- 
cgit v1.2.3