v1.0.6: Disable MIME-sniffing

canonical · Aug 4, 2022 · 170d028 · 170d028
1 parent 31ad14d
commit 170d028
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 1.0.6 (2022-08-04)
+
+Disable MIME-sniffing with `x-content-type-options: NOSNIFF` ([rationale here](https://github.com/canonical/web-design-systems-squad/issues/77#issuecomment-1205100399))
+
 # 1.0.5 (2022-05-05)
 
 Pin to Flask 1.1.2 to avoid dependency conflicts

diff --git a/canonicalwebteam/flask_base/app.py b/canonicalwebteam/flask_base/app.py
@@ -23,6 +23,7 @@
 
 
 def set_security_headers(response):
+    # Decide whether to add x-frame-options
     add_xframe_options_header = True
 
     # Check if view_function has exclude_xframe_options_header decorator
@@ -35,6 +36,9 @@ def set_security_headers(response):
     if add_xframe_options_header and "X-Frame-Options" not in response.headers:
         response.headers["X-Frame-Options"] = "SAMEORIGIN"
 
+    # Add standard security headers
+    response.headers["X-Content-Type-Options"] = "NOSNIFF"
+
     return response
 
 

diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
 
 setup(
     name="canonicalwebteam.flask-base",
-    version="1.0.5",
+    version="1.0.6",
     description=(
         "Flask extension that applies common configurations"
         "to all of webteam's flask apps."