@@ -79,71 +79,6 @@ Content-Type: text/javascript; charset=utf-8
79
79
X-Content-Type-Options: nosniff
80
80
```
81
81
82
- ## How to configure the server to pass this rule
83
-
84
- <!-- markdownlint-disable MD033 -->
85
- <details ><summary >How to configure Apache</summary >
86
-
87
- Presuming the script files use the ` .js ` or ` .mjs ` extension, and
88
- the stylesheets ` .css ` , Apache can be configured to serve the with
89
- the ` X-Content-Type-Options ` header with the value of ` nosniff `
90
- using the [ ` Header ` directive] [ header directive ] :
91
-
92
- ``` apache
93
- <IfModule mod_headers.c>
94
- <FilesMatch "\.(css|m?js)$">
95
- Header set X-Content-Type-Options "nosniff"
96
- </FilesMatch>
97
- </IfModule>
98
- ```
99
-
100
- Note that:
101
-
102
- * The above snippet works with Apache ` v2.2.0+ ` , but you need to have
103
- [ ` mod_headers ` ] [ mod_headers ] [ enabled] [ how to enable apache modules ]
104
- in order for it to take effect.
105
-
106
- * If you have access to the [ main Apache configuration file] [ main
107
- apache conf file] (usually called ` httpd.conf ` ), you should add
108
- the logic in, for example, a [ ` <Directory> ` ] [ apache directory ]
109
- section in that file. This is usually the recommended way as
110
- [ using ` .htaccess ` files slows down] [ htaccess is slow ] Apache!
111
-
112
- If you don't have access to the main configuration file (quite
113
- common with hosting services), just add the snippets in a ` .htaccess `
114
- file in the root of the web site/app.
115
-
116
- </details >
117
- <details ><summary >How to configure IIS</summary >
118
-
119
- Presuming the script files are sent with the ` Content-Type ` header set
120
- to ` text/javascript ` and styleshees to ` text/css ` you can use
121
- a [ ` URL rewrite ` rule] [ url rewrite ] like the following:
122
-
123
- ``` xml
124
- <configuration >
125
- <system .webServer>
126
- <rewrite >
127
- <outboundRules >
128
- <!-- Add X-Content-Type-Options header to text/javascript
129
- and text/css responses -->
130
- <rule name =" X-Content-Type-Options" enabled =" true" >
131
- <match serverVariable =" RESPONSE_X_Content_Type_Options" pattern =" .*" />
132
- <conditions >
133
- <add input =" {RESPONSE_Content_Type}" pattern =" text\/(javascript|css)" />
134
- </conditions >
135
- <action type =" Rewrite" value =" nosniff" />
136
- </rule >
137
- </outboundRules >
138
- </rewrite >
139
- </system .webServer>
140
- </configuration >
141
- ```
142
-
143
- </details >
144
-
145
- <!-- markdownlint-enable MD033 -->
146
-
147
82
## Further Reading
148
83
149
84
* [ ` X-Content-Type-Options ` header] ( https://fetch.spec.whatwg.org/#x-content-type-options-header )
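Review bot: Deleting the whole "How to configure the server to pass this rule" section (old lines 82-146) leaves no pointer to where the Apache and IIS guidance for setting `X-Content-Type-Options: nosniff` now lives. After this hunk the page goes straight from the example response headers to "## Further Reading", whose only visible entry is the Fetch spec link. If the instructions were moved to a shared guide, add a link to it under Further Reading or put a one-line pointer where the section used to be. If they were dropped on purpose, say so in the commit message. The `markdownlint-disable MD033` and `markdownlint-enable MD033` comments are removed as a pair together with the `<details>` blocks, so nothing is left dangling there.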