http: always set header `X-Content-Type-Options` to `nosniff` (#6008)

unknwon committed Mar 23, 2020
1 parent 740f814 commit e14b6abf9dae13bc087c9d9db8fe7c7a5125c792
Showing with 17 additions and 12 deletions.
  1. +1 −0 CHANGELOG.md
  2. +12 −12 internal/assets/public/public_gen.go
  3. +4 −0 internal/context/context.go
@@ -42,6 +42,7 @@ All notable changes to Gogs are documented in this file.
- [Security] Potential XSS attack via `.ipynb`. [#5170](https://github.com/gogs/gogs/issues/5170)
- [Security] Potential SSRF attack via webhooks. [#5366](https://github.com/gogs/gogs/issues/5366)
- [Security] Potential CSRF attack in admin panel. [#5367](https://github.com/gogs/gogs/issues/5367)
- [Security] Potential stored XSS attack in some browsers. [#5397](https://github.com/gogs/gogs/issues/5397)
- [Security] Potential RCE on mirror repositories. [#5767](https://github.com/gogs/gogs/issues/5767)
- [Security] Potential XSS attack with raw markdown API. [#5907](https://github.com/gogs/gogs/pull/5907)
- Open/close milestone redirects to a 404 page. [#5677](https://github.com/gogs/gogs/issues/5677)
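
Review bot: None of the `[Security]` entries in this CHANGELOG.md hunk mentions the `X-Content-Type-Options: nosniff` header or #6008, so a changelog reader cannot tell which entry this commit added or what the mitigation is. Consider having the new entry name the header and link the pull request next to the issue it resolves. The 4-line change in internal/context/context.go is not shown here, so the claim "always set" in the commit title still needs checking against that file: the header should be written before any handler can send a response, including raw file and attachment paths.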
