Mercurial > prosody-modules
comparison mod_http_upload_external/README.markdown @ 3359:3d01ab6b1186
mod_http_upload_external: Fix typo/copy-paste issues in headers (thanks jonas<U+2019>)
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Sun, 21 Oct 2018 15:09:29 +0100 |
| parents | e49660ba3161 |
| children | 0149954cee37 |
comparison
equal
deleted
inserted
replaced
| 3358:e49660ba3161 | 3359:3d01ab6b1186 |
|---|---|
| 193 This prevents the browser interpreting scripts and other resources that may potentially be malicious. | 193 This prevents the browser interpreting scripts and other resources that may potentially be malicious. |
| 194 | 194 |
| 195 Some browsers may also benefit from explicitly telling them not to try guessing the type of a file: | 195 Some browsers may also benefit from explicitly telling them not to try guessing the type of a file: |
| 196 | 196 |
| 197 ``` | 197 ``` |
| 198 X-Content-Type-Options "nosniff" | 198 X-Content-Type-Options: nosniff |
| 199 ``` | 199 ``` |
| 200 | 200 |
| 201 #### Security headers | 201 #### Security headers |
| 202 | 202 |
| 203 The following headers should be included to provide additional sandboxing of resources, considering the uploaded | 203 The following headers should be included to provide additional sandboxing of resources, considering the uploaded |
| 204 content is not understood or trusted by the upload service: | 204 content is not understood or trusted by the upload service: |
| 205 | 205 |
| 206 ``` | 206 ``` |
| 207 Content-Security-Policy: "default-src 'none'" | 207 Content-Security-Policy: default-src 'none' |
| 208 X-Content-Security-Policy: "default-src 'none'" | 208 X-Content-Security-Policy: default-src 'none' |
| 209 X-WebKit-CSP: "default-src 'none'" | 209 X-WebKit-CSP: default-src 'none' |
| 210 ``` | 210 ``` |