
According to my understanding, I should add the nosniff header on each download dialog: `X-Content-Type-Options: nosniff`

How should I protect upload dialogs? Will the header `X-Content-Type-Options: nosniff` be enough? Should I do something in addition? Ensure extension type?

Michael
  • 4
    The `nosniff` directive instructs browsers to not guess the content type of a document when displaying it, so I'm unsure how you're planning to apply it to uploads. If you want to restrict the file types allowed for upload, you'd have to do that with server-side logic. – Arminius Aug 23 '17 at 05:51
  • The question is whether I should restrict file types, or is it optional? – Michael Aug 26 '17 at 04:37
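
The split discussed in the comments, sketched as an added example that is not part of the original thread: file-type restriction is enforced server-side when the upload arrives, and `nosniff` is attached when the stored file is served back. The allowlist, the function names and the sample inputs are assumptions made for illustration.

```python
import os

# Assumed allowlist: extension -> (leading magic bytes, Content-Type used on download).
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".pdf": (b"%PDF-", "application/pdf"),
}

def validate_upload(filename, data):
    """Server-side upload check. Returns (ok, reason)."""
    # Reject path components, dotfiles and NUL bytes in the client-supplied name.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base.startswith(".") or "\x00" in base:
        return False, "bad filename"
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed"
    # The extension is only a claim: the leading bytes must agree with it.
    # (A prefix check is a consistency test, not full content validation.)
    if not data.startswith(ALLOWED[ext][0]):
        return False, "content does not match extension"
    return True, "ok"

def download_headers(stored_name):
    """Response headers for serving a stored upload."""
    ext = os.path.splitext(stored_name)[1].lower()
    if ext in ALLOWED:
        ctype = ALLOWED[ext][1]
    else:
        ext, ctype = "", "application/octet-stream"
    return {
        "Content-Type": ctype,                # declared by the server from its own allowlist
        "X-Content-Type-Options": "nosniff",  # browser must not guess a different type
        # Server-generated name, so no client-supplied text reaches the header.
        "Content-Disposition": 'attachment; filename="download%s"' % ext,
    }

if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("photo.png", b"<html><body>hi</body></html>"),
        ("page.html", b"<html><body>hi</body></html>"),
        ("../photo.png", b"\x89PNG\r\n\x1a\n"),
    ]
    for name, body in samples:
        print(name, validate_upload(name, body))
    print(download_headers("photo.png"))
```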

0 Answers