Commit ee69783b authored by Chris Graham's avatar Chris Graham

Fixed MANTIS-3985 ("X-Content-Type-Options: nosniff" header may be duplicated)

parent e10dccda
......@@ -201,6 +201,7 @@ function do_access($given_password)
'fast_spider_cache' => '<em>Performance:</em> The number of hours that the spider/bot cache lasts for (this sets both HTTP caching, and server retention of cached screens).',
'any_guest_cached_too' => '<em>Performance:</em> Whether Guests are cached with the spider cache time too.',
'self_learning_cache' => '<em>Performance:</em> Whether to allow pages to learn what resources they need, for efficient bulk loading of essentials while avoiding loading full resource sets upfront. Stores copies of some resources within the self-learning cache itself. If you disable this you should also disable the Composr "Output streaming" config option.',
'no_nosniff_header' => '<em>Performance:</em> If you can rely on your webserver configuration sending "X-Content-Type-Options: nosniff" enable this to stop Composr duplicating it.',
'max_execution_time' => '<em>Performance:</em> The time in seconds to use for PHP\'s maximum execution time option. Composr defaults to 60 and raises it in known situations that require more time.',
......
......@@ -239,7 +239,9 @@ function init__global2()
$BASE_URL_HTTPS_CACHE = null;
require_code('version');
@header('X-Content-Type-Options: nosniff');
if (!empty($SITE_INFO['no_nosniff_header'])) {
@header('X-Content-Type-Options: nosniff');
}
@header('X-XSS-Protection: 1');
if ((!$MICRO_BOOTUP) && (!$MICRO_AJAX_BOOTUP)) {
// Marker that Composr running
......
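Review bot: The new guard around the nosniff header looks inverted: `if (!empty($SITE_INFO['no_nosniff_header']))` sends the header only when the option is set, whereas the option text added in the first hunk says enabling it should stop Composr sending the header. Assuming the unconditional `@header('X-Content-Type-Options: nosniff');` line above the guard is the removed side (the hunk counts suggest so), a default install would no longer emit the header at all, which drops MIME-sniffing protection on sites that do not set it at the web server. The condition should read `if (empty($SITE_INFO['no_nosniff_header'])) {`. The body of init__global2 starts and ends outside the hunk, so it is worth confirming that `$SITE_INFO` is declared `global` and populated before this point.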