author Kunal Mehta <legoktm@debian.org> 2023-02-24 23:59:22 -0500
committer Kunal Mehta <legoktm@debian.org> 2023-02-24 23:59:22 -0500
commit 8261b1b72e6cd421e532c8a2cd6b3c877bfba81b
tree ba12aa15726195b586dd3509b9511fb867202216 /images
parent 60cdba6d78c1627a1b3e92b0c690f0939fd05834
Set "X-Content-Type-Options: nosniff" header in images/.htaccess
MediaWiki already sets this header unconditionally on all requests, but images are served directly by the webserver. We want to remove the IEContentAnalyzer, which currently provides protection against uploading problematic files, so instead we are going to recommend setting this header to instruct browsers to not sniff. Per pingback data, ~83% of reporting installs use Apache. This was suggested by Taavi.

Bug: T309787
Change-Id: I8a0c50cc0a8bc037f4c9b0a114f87793446aed7f
Diffstat (limited to 'images')
-rw-r--r-- images/.htaccess 3
1 files changed, 3 insertions, 0 deletions
diff --git a/images/.htaccess b/images/.htaccess
index 0c8194886f4c..e96e1139e28c 100644
--- a/images/.htaccess
+++ b/images/.htaccess
@@ -1,3 +1,6 @@
+<IfModule headers_module>
+Header set X-Content-Type-Options nosniff
+</IfModule>
<IfModule php7_module>
php_flag engine off
</IfModule>
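Review bot: The `<IfModule headers_module>` wrapper around the added `Header set X-Content-Type-Options nosniff` line makes the protection fail open: when mod_headers is not loaded, Apache skips the block without any error and files under images/ are served without the header. Since the commit message positions this header as the replacement for IEContentAnalyzer, consider documenting that mod_headers must be enabled (and that AllowOverride for this directory must permit the `Header` directive, which needs FileInfo), or adding an environment check that requests a file from images/ and confirms the header is present in the response. A smaller point on the same line: `Header set` without the `always` condition is applied only to successful responses, so if error responses generated for this directory should carry the header as well, `Header always set X-Content-Type-Options nosniff` would cover them.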