Send HTTP security headers (CSP, etc) on file downloads
File downloads should return HTTP security headers as another layer of
protection against someone framing a MantisBT file_download link to a
file with a harmful MIME type such as text/html.
davidhicks committed May 23, 2010
1 parent f017e81 commit 5eaec26
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions file_download.php
Expand Up @@ -129,6 +129,8 @@
ini_set( 'zlib.output_compression', false );
}

http_security_headers();

# Make sure that IE can download the attachments under https.
header( 'Pragma: public' );
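
Review bot: the added `http_security_headers();` call has no comment saying why a download response needs it, while the `header( 'Pragma: public' )` line right below it does. A one-line comment carrying the commit message's reason (a framed file_download link to a text/html attachment) would keep the call from being dropped as redundant later. Since PHP's `header()` replaces an earlier header of the same name by default, it is also worth confirming that none of the `header()` calls after this point in file_download.php reuse a name that `http_security_headers()` sets, because the hunk places the call ahead of them.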
