Hosted on HTTPS now

[cgit.git] / ui-blob.c

diff --git a/ui-blob.c b/ui-blob.c
index 70a671e6ca02b30e100f697994033aecac775ef7..d38848984cf4f6b433ba4530872eccb3c550f526 100644 (file)
--- a/ui-blob.c
+++ b/ui-blob.c
@@ -161,14 +161,15 @@ void cgit_print_blob(const char *hex, char *path, const char *head, int file_onl
        }
 
        buf[size] = '\0';
-       ctx.page.mimetype = ctx.qry.mimetype;
-       if (!ctx.page.mimetype) {
-               if (buffer_is_binary(buf, size))
-                       ctx.page.mimetype = "application/octet-stream";
-               else
-                       ctx.page.mimetype = "text/plain";
-       }
+       if (buffer_is_binary(buf, size))
+               ctx.page.mimetype = "application/octet-stream";
+       else
+               ctx.page.mimetype = "text/plain";
        ctx.page.filename = path;
+
+       html("X-Content-Type-Options: nosniff\n");
+       html("Content-Security-Policy: default-src 'none'\n");
        cgit_print_http_headers();
        html_raw(buf, size);
+       free(buf);
 }