From cd5fab8c2f7e279a9e5caaef8efeb46f187f7e0e Mon Sep 17 00:00:00 2001
From: Cris Ward
Date: Sat, 22 Jul 2017 08:34:47 +0100
Subject: [PATCH] X-Content-Type-Options = "nosniff" #379 (#380)

security header for older browsers to prevent content sniffing
---
 src/kemal/helpers/helpers.cr | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/kemal/helpers/helpers.cr b/src/kemal/helpers/helpers.cr
index 489ab27..23d0a5b 100644
--- a/src/kemal/helpers/helpers.cr
+++ b/src/kemal/helpers/helpers.cr
@@ -98,6 +98,7 @@ def send_file(env, path : String, mime_type : String? = nil)
 file_path = File.expand_path(path, Dir.current)
 mime_type ||= Kemal::Utils.mime_type(file_path)
 env.response.content_type = mime_type
+ env.response.headers["X-Content-Type-Options"] = "nosniff"
 minsize = 860 # http://webmasters.stackexchange.com/questions/31750/what-is-recommended-minimum-object-size-for-gzip-performance-benefits ??
 request_headers = env.request.headers
 filesize = File.size(file_path)
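Review bot: With `nosniff` set on the added line, browsers take `env.response.content_type` at face value, so the header is only as good as the `mime_type` assigned two lines above it. That value comes from `Kemal::Utils.mime_type(file_path)` or from the caller, and what the helper returns for an unknown or missing extension is not visible in this hunk. If it returns a generic or wrong type, browsers will block scripts and stylesheets served through `send_file`, so this is worth confirming. I would add a comment above the new line, `# nosniff makes browsers honour content_type exactly; mime_type must be correct for every file served`, and a spec asserting that the response carries the header together with the expected content type. The header is set only on this `send_file` path, whose body continues outside the hunk, so any other response-writing helpers presumably still go out without it.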