From 7a7673310945fe50bab05d31157c82cc19704859 Mon Sep 17 00:00:00 2001
From: aviral243
Date: Tue, 14 Jan 2020 01:41:08 +0530
Subject: [PATCH] set x-content-type-options header to nosniff

---
 app/cors/server/cors.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/cors/server/cors.js b/app/cors/server/cors.js
index c5853db94059..a8f5cae10354 100644
--- a/app/cors/server/cors.js
+++ b/app/cors/server/cors.js
@@ -53,6 +53,9 @@ WebApp.rawConnectHandlers.use(function(req, res, next) {
 // XSS Protection for old browsers (IE)
 res.setHeader('X-XSS-Protection', '1');
 
+ // X-Content-Type-Options header to prevent MIME Sniffing
+ res.setHeader('X-Content-Type-Options', 'nosniff');
+
 if (Support_Cordova_App !== true) {
 return next();
 }
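Review bot: The new `res.setHeader('X-Content-Type-Options', 'nosniff')` sits before the `Support_Cordova_App` early return, so it applies to every response that passes through this handler, not only to HTML pages. With `nosniff`, browsers refuse script and stylesheet responses whose `Content-Type` is not a JavaScript or CSS type, so any route that serves such assets or user uploads with a generic or missing type would stop loading; nothing in the hunk shows that those routes were checked. I would confirm the declared types on the asset and upload routes before merging. The comment should also state that requirement, e.g. `// nosniff: browsers trust the declared Content-Type, so every script/style response must send the correct one`. The handler callback starts and ends outside the hunk, so it is not visible whether earlier-registered handlers can finish a response without this header.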