"Don't infer the MIME type" middleware
Some browsers will try to "sniff" mimetypes. For example, if my server serves file.txt with a text/plain content-type, some browsers can still run that file with
This middleware to keep Chrome, Opera, and IE from doing this sniffing (and Firefox soon). The following example sets the
X-Content-Type-Options header to its only option,
var nosniff = require('dont-sniff-mimetype') app.use(nosniff())
MSDN has a good description of how browsers behave when this header is sent.