From b8ae1d400e5518b8b6e9d3895b088c2608460af1 Mon Sep 17 00:00:00 2001
From: Trey <trey.hayden.ctr@adlnet.gov>
Date: Wed, 20 Sep 2023 13:58:59 -0400
Subject: [PATCH] adding optional nosniff header

---
 src/main/server.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main/server.js b/src/main/server.js
index df2a98bd8..50f2cbb62 100644
--- a/src/main/server.js
+++ b/src/main/server.js
@@ -140,6 +140,13 @@ if (process.env.INCLUDE_STRICT_TRANSPORT_SECURITY_HEADER == "true") {
     });
 }
 
+if (process.env.INCLUDE_MIME_NOSNIFF_HEADER == "true") {
+    app.use((req, res, next) => {
+        res.setHeader("X-Content-Type-Options", "nosniff");
+        next();
+    });
+}
+
 let v8 = require('v8');
 let glob = require('glob');
 let path = require('path');