From c3c45e00abd8b10679d911e1b92d2acb91aaf209 Mon Sep 17 00:00:00 2001 From: Andrey Kleshchev <117672381+akleshchev@users.noreply.github.com> Date: Wed, 10 Sep 2025 23:26:13 +0300 Subject: #1825 Use html as a default type for nosniff mime probes --- indra/llcorehttp/llhttpconstants.cpp | 2 ++ indra/llcorehttp/llhttpconstants.h | 2 ++ indra/newview/llfloaterurlentry.cpp | 10 ++++++++++ 3 files changed, 14 insertions(+) diff --git a/indra/llcorehttp/llhttpconstants.cpp b/indra/llcorehttp/llhttpconstants.cpp index 40d6c7506c..7a671543d9 100755 --- a/indra/llcorehttp/llhttpconstants.cpp +++ b/indra/llcorehttp/llhttpconstants.cpp @@ -100,6 +100,7 @@ const std::string HTTP_IN_HEADER_LOCATION("location"); const std::string HTTP_IN_HEADER_RETRY_AFTER("retry-after"); const std::string HTTP_IN_HEADER_SET_COOKIE("set-cookie"); const std::string HTTP_IN_HEADER_USER_AGENT("user-agent"); +const std::string HTTP_IN_HEADER_X_CONTENT_TYPE_OPTIONS("x-content-type-options"); const std::string HTTP_IN_HEADER_X_FORWARDED_FOR("x-forwarded-for"); const std::string HTTP_CONTENT_LLSD_XML("application/llsd+xml"); @@ -122,6 +123,7 @@ const std::string HTTP_CONTENT_IMAGE_BMP("image/bmp"); const std::string HTTP_NO_CACHE("no-cache"); const std::string HTTP_NO_CACHE_CONTROL("no-cache, max-age=0"); +const std::string HTTP_NOSNIFF("nosniff"); const std::string HTTP_VERB_INVALID("(invalid)"); const std::string HTTP_VERB_HEAD("HEAD"); diff --git a/indra/llcorehttp/llhttpconstants.h b/indra/llcorehttp/llhttpconstants.h index 583f9fbcb7..71c1dfa173 100755 --- a/indra/llcorehttp/llhttpconstants.h +++ b/indra/llcorehttp/llhttpconstants.h @@ -190,6 +190,7 @@ extern const std::string HTTP_IN_HEADER_LOCATION; extern const std::string HTTP_IN_HEADER_RETRY_AFTER; extern const std::string HTTP_IN_HEADER_SET_COOKIE; extern const std::string HTTP_IN_HEADER_USER_AGENT; +extern const std::string HTTP_IN_HEADER_X_CONTENT_TYPE_OPTIONS; extern const std::string HTTP_IN_HEADER_X_FORWARDED_FOR; //// HTTP Content Types //// @@ -215,5 +216,6 @@ extern const std::string HTTP_CONTENT_IMAGE_BMP; //// HTTP Cache Settings //// extern const std::string HTTP_NO_CACHE; extern const std::string HTTP_NO_CACHE_CONTROL; +extern const std::string HTTP_NOSNIFF; #endif diff --git a/indra/newview/llfloaterurlentry.cpp b/indra/newview/llfloaterurlentry.cpp index 7651b2528f..2f1857ec61 100644 --- a/indra/newview/llfloaterurlentry.cpp +++ b/indra/newview/llfloaterurlentry.cpp @@ -242,6 +242,16 @@ void LLFloaterURLEntry::getMediaTypeCoro(std::string url, LLHandle pa resolvedMimeType = mimeType; } } + else if (resultHeaders.has(HTTP_IN_HEADER_X_CONTENT_TYPE_OPTIONS)) + { + const std::string& val = resultHeaders[HTTP_IN_HEADER_X_CONTENT_TYPE_OPTIONS]; + if (val == HTTP_NOSNIFF) + { + // Doesn't permit 'sniffing' mime type, default to either html or plain + // If this doesn't work user will have to choose something manually. + resolvedMimeType = HTTP_CONTENT_TEXT_HTML; + } + } floaterUrlEntry->headerFetchComplete(status.getType(), resolvedMimeType); -- cgit v1.2.3