Add X-Content-Type-Options: nosniff to default nginx config in docs
|Reported by:||Christopher Allan Webber||Owned by:||pythonsnake|
|Cc:||tycho, Will Kahn-Greene, Elrond||Parent Tickets:|
We should add "X-Content-Type-Options: nosniff" to our HTTP response headers via nginx in our "default config". This will help prevent someone uploading a .txt file that the browser interprets as an HTML file, etc (which could be used to initiate an XSS attack or etc).
We could probably add such support via: