shahondin1624/Mitgliederverwaltung
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 16 Wiki Activity

fix: add X-Content-Type-Options nosniff header to downloads (Closes #173) #184

Merged
shahondin1624 merged 1 commits from feature/issue-173-download-security-headers into main 2026-04-10 16:25:41 +02:00
Conversation 0 Commits 1 Files Changed 2
+36
shahondin1624 commented 2026-04-10 16:25:36 +02:00
Owner
Copy Link
Copy Source

Summary

  • Creates SecurityHeadersMiddleware that adds X-Content-Type-Options: nosniff to all DownloadResponse instances
  • Prevents MIME-type sniffing attacks on exported CSV, PDF, and ZIP files
  • Content-Disposition: attachment is already handled by Nextcloud's DownloadResponse

Test plan

  • All 1012 tests pass

Closes #173

## Summary - Creates `SecurityHeadersMiddleware` that adds `X-Content-Type-Options: nosniff` to all `DownloadResponse` instances - Prevents MIME-type sniffing attacks on exported CSV, PDF, and ZIP files - `Content-Disposition: attachment` is already handled by Nextcloud's `DownloadResponse` ## Test plan - [x] All 1012 tests pass Closes #173
shahondin1624 added 1 commit 2026-04-10 16:25:36 +02:00
fix: add X-Content-Type-Options nosniff header to download responses (Closes #173) 7026c4f1e6 
Creates SecurityHeadersMiddleware that adds X-Content-Type-Options: nosniff
to all DownloadResponse instances, preventing MIME-type sniffing attacks
on exported CSV, PDF, and ZIP files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
shahondin1624 merged commit 089a775b84 into main 2026-04-10 16:25:41 +02:00
shahondin1624 deleted branch feature/issue-173-download-security-headers 2026-04-10 16:25:41 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
backend
Backend / PHP work
 bug
Bug report
 database
Database migrations and schema
 documentation
Documentation
 enhancement
Enhancement or improvement
 epic
Epic / feature-group issues
 frontend
Frontend / Vue.js work
 integration
Nextcloud integrations (Calendar, Contacts, Files)
 priority:high
High priority
 priority:low
Low priority
 priority:medium
Medium priority
 security
Security-related work
 testing
Tests and test infrastructure
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
shahondin1624
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: shahondin1624/Mitgliederverwaltung#184
Delete Branch "feature/issue-173-download-security-headers"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?