mirror of
https://github.com/golang/net.git
synced 2026-03-31 10:27:08 +09:00
f73e4c9ed3
When a Content-Type that triggers content sniffing in old (but still in significant use) browsers is sent, add the X-Content-Type-Options: nosniff header, unless explicitly disabled. Expose httpguts.SniffedContentType for use in the HTTP 1 implementation. Will be tested by net/http.TestNoSniffHeader_h2. Updates golang/go#24513 Change-Id: Id1ffea867a496393cb52c5a9f45af97d4b2fcf12 Reviewed-on: https://go-review.googlesource.com/112015 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>