2014-08-13 12:59:02 |
François Marier |
description |
MIME-type sniffing on IE can lead to unexpected code execution. It can be disabled using an extra header:
X-Content-Type-Options: nosniff
It should be added to all avatar-serving responses that aren't redirections, but it could also be sent through with other dynamic and static content.
http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx |
|
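One way to apply the rule in the description, shown as an added example that is not part of the bug report or the project's own code: a WSGI middleware that sets the header on every response except redirections. The names `NoSniffMiddleware`, `sample_avatar_app` and `call`, the request paths and the redirect target are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

class NoSniffMiddleware:
    """Add X-Content-Type-Options: nosniff to every non-redirect response."""
    HEADER = ("X-Content-Type-Options", "nosniff")

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            code = int(status.split(" ", 1)[0])
            if not 300 <= code < 400:
                # Drop any value the app already set so the header appears once.
                headers = [(k, v) for k, v in headers
                           if k.lower() != self.HEADER[0].lower()]
                headers.append(self.HEADER)
            return start_response(status, headers, exc_info)
        return self.app(environ, patched_start)

def sample_avatar_app(environ, start_response):
    """Constructed stand-in for an avatar server (hypothetical paths)."""
    if environ["PATH_INFO"].endswith("/missing"):
        # Unknown avatar: redirect to a default image, no body served here.
        start_response("302 Found", [("Location", "/static/default.png")])
        return [b""]
    start_response("200 OK", [("Content-Type", "image/png")])
    return [b"\x89PNG\r\n\x1a\n"]  # PNG signature only, constructed sample

def call(app, path):
    """Run one request through a WSGI app; return (status, headers)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, list(headers)
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    wrapped = NoSniffMiddleware(sample_avatar_app)
    for path in ("/avatar/abc", "/avatar/missing"):
        print(path, *call(wrapped, path))
```
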