Add nosniff header

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index f93d81f00d899466132f1cd69c49882ddbf39d67..83d34d615a7f2382332eaca9c332b7613ccfc563 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -90,6 +90,7 @@ function page_headers() {
        if ($adminer->headers()) {
                header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
                header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
+               header("X-Content-Type-Options: nosniff");
                header("Referrer-Policy: origin-when-cross-origin");
        }
 }

diff --git a/changes.txt b/changes.txt
index 15430b67503a86171122f8936e61aea9c9b85064..2a33e236594ab3b303fbdf4ecfef66551e97a49d 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,4 +1,5 @@
 Adminer 4.3.2-dev:
+Add nosniff header
 PHP 7.1: Prevent warning when using empty limit
 MySQL: Remove dedicated view for replication status (added in 4.3.0)
 PostgreSQL: Sort table names (regression from 4.3.1)

diff --git a/plugins/frames.php b/plugins/frames.php
index f29b60af6949ccf4ce90beb3db25e9e74f36bd99..32e521bc67fa17c4d1af66d5a423c9fc948fb06a 100644 (file)
--- a/plugins/frames.php
+++ b/plugins/frames.php
@@ -22,6 +22,7 @@ class AdminerFrames {
                        header("X-Frame-Options: SameOrigin");
                }
                header("X-XSS-Protection: 0");
+               header("X-Content-Type-Options: nosniff");
                header("Referrer-Policy: origin-when-cross-origin");
                return false;
        }