From 88ca0e1621757a39d52ead1f0c64ac8b90567a25 Mon Sep 17 00:00:00 2001
From: Laura Hausmann
Date: Mon, 1 Apr 2024 03:21:41 +0900
Subject: [PATCH] fix (backend): set X-Content-Type-Options to nosniff on the drive files endpoint
---
 packages/backend/src/server/file/send-drive-file.ts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/packages/backend/src/server/file/send-drive-file.ts b/packages/backend/src/server/file/send-drive-file.ts
index b7f3838e3f..01ec93e448 100644
--- a/packages/backend/src/server/file/send-drive-file.ts
+++ b/packages/backend/src/server/file/send-drive-file.ts
@@ -54,6 +54,8 @@ export default async function (ctx: Koa.Context) {
 		return;
 	}
 
+	ctx.set("X-Content-Type-Options", "nosniff");
+
 	const isThumbnail = file.thumbnailAccessKey === key;
 	const isWebpublic = file.webpublicAccessKey === key;