lux
/
firefish
mirror of https://firefish.dev/firefish/firefish.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix (backend): set X-Content-Type-Options to nosniff on the drive files endpoint

This commit is contained in:
Laura Hausmann 2024-04-01 03:21:41 +09:00 committed by naskya
parent 9086ef11ff
commit 88ca0e1621
No known key found for this signature in database
GPG Key ID: 712D413B3A9FED5C
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/backend/src/server/file/send-drive-file.ts
View File

@ -54,6 +54,8 @@ export default async function (ctx: Koa.Context) {
return;
}
ctx.set("X-Content-Type-Options", "nosniff");
const isThumbnail = file.thumbnailAccessKey === key;
const isWebpublic = file.webpublicAccessKey === key;