HardHat/docs/MimeSniff.md
Tommy Parnell 3978cfc694 add docs
2017-06-17 17:20:36 -04:00

The Don't Sniff Mimetype middleware, noSniff, helps prevent browsers from trying to guess ("sniff") the MIME type.
## Attack
Some browsers will try to detect the MIME type of a file themselves, even if the web server declares something else. Let's say someone uploads a script file to your website as their profile. Even though the web server says the MIME type is one thing, the browser could interpret the file as JavaScript and execute it!
## The Header
Setting the `X-Content-Type-Options` response header to `nosniff` tells the browser not to MIME-sniff the response and to trust the declared `Content-Type` instead.
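
What the header changes on the browser side, as an added example that is not HardHat's code: a simplified JavaScript model of the Fetch Standard's nosniff check for script and style loads. The function names and the sample response headers are constructed for illustration.

```javascript
// Simplified model of the Fetch Standard's "blocked due to nosniff" check.
const JS_MIME_TYPES = new Set([
  "application/ecmascript", "application/javascript",
  "application/x-ecmascript", "application/x-javascript",
  "text/ecmascript", "text/javascript", "text/javascript1.0",
  "text/javascript1.1", "text/javascript1.2", "text/javascript1.3",
  "text/javascript1.4", "text/javascript1.5", "text/jscript",
  "text/livescript", "text/x-ecmascript", "text/x-javascript",
]);

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
}

// Only the first comma-separated value counts, compared case-insensitively.
function hasNoSniff(headers) {
  const raw = normalize(headers)["x-content-type-options"];
  if (raw === undefined) return false;
  return raw.split(",")[0].trim().toLowerCase() === "nosniff";
}

// Essence of Content-Type: "type/subtype" without parameters, or null.
function mimeEssence(headers) {
  const raw = normalize(headers)["content-type"];
  if (!raw) return null;
  const essence = raw.split(";")[0].trim().toLowerCase();
  return /^[^\s\/]+\/[^\s\/]+$/.test(essence) ? essence : null;
}

// destination: "script" or "style" (how the page tries to use the response).
function blockedByNoSniff(destination, headers) {
  if (!hasNoSniff(headers)) return false; // browser is free to sniff instead
  const mime = mimeEssence(headers);
  if (destination === "script") return mime === null || !JS_MIME_TYPES.has(mime);
  if (destination === "style") return mime !== "text/css";
  return false;
}

// Constructed sample: an uploaded "profile" file served as image/png.
const upload = { "Content-Type": "image/png" };
const hardened = { ...upload, "X-Content-Type-Options": "nosniff" };
console.log(blockedByNoSniff("script", upload));   // false
console.log(blockedByNoSniff("script", hardened)); // true
```

The check only helps when the server also sends an accurate `Content-Type`; with `nosniff` set and the type missing or wrong, legitimate scripts and stylesheets are refused as well.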
## Code
```csharp
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Adds "X-Content-Type-Options: nosniff" to responses.
    app.UseNoMimeSniff();
}
```