X-Content-Type-Option: nosniff, refs #1

simonw · Jan 7, 2021 · faf1814 · faf1814
1 parent 95a0738
commit faf1814
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/datasette_css_properties/__init__.py b/datasette_css_properties/__init__.py
@@ -4,7 +4,11 @@
 
 
 def css_response(css):
-    return Response(css, content_type="text/css; charset=utf-8")
+    return Response(
+        css,
+        content_type="text/css; charset=utf-8",
+        headers={"X-Content-Type-Options": "nosniff"},
+    )
 
 
 def render_css(request, rows):

diff --git a/tests/test_css_properties.py b/tests/test_css_properties.py
@@ -20,7 +20,7 @@
         ("select 'hello' as foo", ["foo"], ":root {\n  --foo: hello;\n}"),
     ],
 )
-async def test_plugin_is_installed(query, raw, expected_css):
+async def test_css_output(query, raw, expected_css):
     datasette = Datasette([], memory=True)
     response = await datasette.client.get(
         "/:memory:.css?"
@@ -34,3 +34,4 @@ async def test_plugin_is_installed(query, raw, expected_css):
     )
     assert response.status_code == 200
     assert response.text == expected_css
+    assert response.headers["x-content-type-options"] == "nosniff"