如何在Global.asax.cs中添加"X-Content-Type-Options:nosniff"以防止mime嗅探 [英] How can I add “X-Content-Type-Options: nosniff” in Global.asax.cs to prevent mime sniff
本文介绍了如何在Global.asax.cs中添加"X-Content-Type-Options:nosniff"以防止mime嗅探的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已经修改了web.config以防止mime嗅探.
I have modified the web.config as to prevent the mime sniff.
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
但是代码扫描工具仍然告诉我global.asax.cs具有漏洞
but code scan tool still told me that global.asax.cs has the vulnerabilities
Application_BeginRequest is either empty or does not include a function call to set the X-Content-Type-Options to nosniff or attempts to remove that header.
那么如何设置X-Content-Type-Options:Global.asax.cs中的nosniff?
So how to set X-Content-Type-Options: nosniff in Global.asax.cs ?
推荐答案
在Web.Config中使用
要添加这些标头,请转到先前添加的< customHeaders> 节点,然后将这些标头添加到< customHeaders> 节点内.
To add these headers, go to the <customHeaders> node previously added and add those headers inside the <customHeaders> node.
<httpprotocol>
<customheaders>
<add name="X-Content-Type-Options" value="nosniff "/>
</customheaders>
</httpprotocol>
使用global.asax.cs
protected void Application_PreSendRequestHeaders(Object source, EventArgs e) {
HttpContext.Current.Request.Headers.Add("X-Content-Type-Options", "nosniff");
}
这篇关于如何在Global.asax.cs中添加"X-Content-Type-Options:nosniff"以防止mime嗅探的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
