Roundup Tracker - Issues

Message8216

Author rouilj
Recipients rouilj, schlatterbeck
Date 2024-12-08.16:06:09
Message-id <1733673969.19.0.953371467469.issue2551068@roundup.psfhosted.org>
In-reply-to
Handle application/octet-stream as a universal download mime type.

However, without the 'X-Content-Type-Options: nosniff' security header, an HTML
file with application/octet-stream could be parsed by the browser and
displayed/executed as HTML.

So set the X-Content-Type-Options header when using this codepath.
client.py sets this header when the SendFile exception is raised for the same reason.
History
Date User Action Args
2024-12-08 16:06:09 rouilj set messageid: <1733673969.19.0.953371467469.issue2551068@roundup.psfhosted.org>
2024-12-08 16:06:09 rouilj set recipients: + rouilj, schlatterbeck
2024-12-08 16:06:09 rouilj link issue2551068 messages
2024-12-08 16:06:09 rouilj create
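
The header pairing described in the message above, as an added example that is not Roundup's client.py code or part of the original message. The function names, the `SAFE_INLINE_TYPES` allowlist and the sample inputs are assumptions made for illustration.

```python
# Added illustration; every name here is hypothetical, not a Roundup API.

# Assumed allowlist of types a tracker might be willing to serve as declared.
SAFE_INLINE_TYPES = {"text/plain", "image/png", "image/jpeg", "application/pdf"}
OCTET_STREAM = "application/octet-stream"


def _base_type(value):
    """Return the lowercased media type without parameters ('' if missing)."""
    return (value or "").split(";")[0].strip().lower()


def download_headers(declared_type, length):
    """Build response headers for serving a stored file's bytes."""
    mime = _base_type(declared_type)
    if mime not in SAFE_INLINE_TYPES:
        # Unknown or risky types (text/html, missing type) use the
        # universal download type instead of the declared one.
        mime = OCTET_STREAM
    headers = [("Content-Type", mime), ("Content-Length", str(length))]
    if mime == OCTET_STREAM:
        # Without nosniff, a browser may inspect the bytes, decide they are
        # HTML and render them despite the octet-stream label.
        headers.append(("X-Content-Type-Options", "nosniff"))
    return headers


def sniffable(headers):
    """True if a response is labelled octet-stream but lacks nosniff."""
    seen = {name.lower(): value.strip().lower() for name, value in headers}
    is_octet = _base_type(seen.get("content-type")) == OCTET_STREAM
    return is_octet and seen.get("x-content-type-options") != "nosniff"


if __name__ == "__main__":
    # Constructed sample: an uploaded HTML attachment of 42 bytes.
    for header in download_headers("text/html; charset=utf-8", 42):
        print("%s: %s" % header)
```

`sniffable` can be run over captured response headers in a regression test to catch a download codepath that returns application/octet-stream without the header.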