Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-11-03 19:17:29 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Do not allow Go standard lib to sniff Content-Type header

Browse Source
This commit is contained in:
Matthew Holt 2019-06-07 19:59:17 -06:00
parent 8947ae0cc1
commit ef5f29cfb2
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/caddyhttp/fileserver/staticfiles.go
View File

@ -185,7 +185,10 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) error
// TODO: Etag
// TODO: Disable content-type sniffing by setting a content-type...
// do not allow Go to sniff the content-type
if w.Header().Get("Content-Type") == "" {
w.Header()["Content-Type"] = nil
}
// let the standard library do what it does best; note, however,
// that errors generated by ServeContent are written immediately

5
modules/caddyhttp/staticresp.go
View File

@ -39,6 +39,11 @@ func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
w.Header()[field] = vals
}
// do not allow Go to sniff the content-type
if w.Header().Get("Content-Type") == "" {
w.Header()["Content-Type"] = nil
}
// get the status code
statusCode := s.StatusCode
if statusCode == 0 && s.StatusCodeStr != "" {