From: Brion Vibber Date: Fri, 13 May 2011 15:52:46 +0000 (+0000) Subject: * (bug 15461) Make IE8 turn off content sniffing. Everbody else should ignore this X-Git-Tag: 1.31.0-rc.0~30245 X-Git-Url: http://git.cyclocoop.org/data/Fool?a=commitdiff_plain;h=d5b4ce16dc77c702e5f8c79fa4f890ee9a48242a;p=lhc%2Fweb%2Fwiklou.git * (bug 15461) Make IE8 turn off content sniffing. Everbody else should ignore this Adding X-Content-Type-Options: nosniff header in WebStart.php so that it's *always* set, even for alternate entry points and when $wgOut gets disabled or overridden. Note that this of course doesn't apply to uploaded images and such loaded directly -- the usual caveats still apply. Have not tested to confirm that this actually protects against sniffing errors -- please test on IE8 and IE9. --- diff --git a/includes/WebStart.php b/includes/WebStart.php index fa92fc7213..ae81e8834b 100644 --- a/includes/WebStart.php +++ b/includes/WebStart.php @@ -56,6 +56,11 @@ if ( ini_get( 'register_globals' ) ) { } } +# bug 15461: Make IE8 turn off content sniffing. Everbody else should ignore this +# We're adding it here so that it's *always* set, even for alternate entry +# points and when $wgOut gets disabled or overridden. +header( 'X-Content-Type-Options: nosniff' ); + $wgRequestTime = microtime(true); # getrusage() does not exist on the Microsoft Windows platforms, catching this if ( function_exists ( 'getrusage' ) ) {
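Review bot: the comment added above the header() call in includes/WebStart.php says the header is "*always* set", but it leaves out the limit the commit message itself states: uploaded images and other files loaded directly never run WebStart.php, so they are served without X-Content-Type-Options: nosniff. I would put that caveat in the code comment so nobody reading the file later assumes uploads are covered, and point to the web server configuration as the place to set the header for directly served files. The header only tells the browser to trust the declared Content-Type, so it helps only where each entry point already sends a correct Content-Type; that is worth one line in the comment as well. Minor: "Everbody" in the first comment line should be "Everybody". Since the message says the change has not been tested against sniffing, a follow-up confirming the behaviour on IE8 and IE9 should be recorded on bug 15461 before this is treated as a mitigation.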