feat(security): set X-Content-Type-Options: nosniff by default (#37354)

Fixes #37316.

---------

Signed-off-by: SAY-5 <SAY-5@users.noreply.github.com>
Co-authored-by: SAY-5 <SAY-5@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
Sai Asish Y
2026-04-24 04:21:34 -07:00
committed by GitHub
parent 1483291a87
commit 6826321570
7 changed files with 45 additions and 26 deletions

@@ -525,8 +525,11 @@ INTERNAL_TOKEN =
;; Set to "enforced", to force users to enroll into Two-Factor Authentication, users without 2FA have no access to repositories via API or web.
;TWO_FACTOR_AUTH =
;;
;; The value of the X-Frame-Options HTTP header for HTML responses. Use "unset" to remove the header.
;; The value of the X-Frame-Options HTTP header for all responses. Use "unset" to remove the header.
;X_FRAME_OPTIONS = SAMEORIGIN
;;
;; The value of the X-Content-Type-Options HTTP header for all responses. Use "unset" to remove the header.
;X_CONTENT_TYPE_OPTIONS = nosniff
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
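Review bot: The new comment above `;X_CONTENT_TYPE_OPTIONS = nosniff` documents "unset" but does not say that `nosniff` is the only value defined for this header, so an operator could assume other values are meaningful. Suggest wording such as `;; The value of the X-Content-Type-Options HTTP header for all responses. "nosniff" is the only defined value; use "unset" to remove the header.` Separately, the X_FRAME_OPTIONS comment in this hunk changes from "for HTML responses" to "for all responses", which reads as a change in scope for an existing setting; the commit subject only mentions X-Content-Type-Options, so that change deserves a line in the commit message or release notes for operators who rely on the old behaviour.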