"Don't infer the MIME type" middleware
Some browsers will try to "sniff" mimetypes. For example, if my server serves file.txt with a text/plain content-type, some browsers can still run that file with
This middleware prevents Chrome, Opera 13+, IE 8+ and Firefox 50+ from doing this sniffing. The following example sets the
X-Content-Type-Options header to its only option,
const nosniff = require('dont-sniff-mimetype') app.use(nosniff())
MSDN has a good description of how browsers behave when this header is sent.