8 years ago · 93d3eca0ab
--- a/main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/DavFile.java
+++ b/main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/DavFile.java
@@ -43,6 +43,8 @@ class DavFile extends DavNode<FileLocator> {
 
																 	protected static final String CONTENT_TYPE_VALUE = "application/octet-stream";
															
 
																 	protected static final String CONTENT_DISPOSITION_HEADER = "Content-Disposition";
															
 
																 	protected static final String CONTENT_DISPOSITION_VALUE = "attachment";
															
 
																+	protected static final String X_CONTENT_TYPE_OPTIONS_HEADER = "X-Content-Type-Options";
															
 
																+	protected static final String X_CONTENT_TYPE_OPTIONS_VALUE = "nosniff";
															
 
																 	public DavFile(FilesystemResourceFactory factory, LockManager lockManager, DavSession session, FileLocator node) {
															
 
																 		super(factory, lockManager, session, node);
															
@@ -61,6 +63,7 @@ class DavFile extends DavNode<FileLocator> {
 
																 		}
															
 
																 		outputContext.setContentType(CONTENT_TYPE_VALUE);
															
 
																 		outputContext.setProperty(CONTENT_DISPOSITION_HEADER, CONTENT_DISPOSITION_VALUE);
															
 
																+		outputContext.setProperty(X_CONTENT_TYPE_OPTIONS_HEADER, X_CONTENT_TYPE_OPTIONS_VALUE);
															
 
																 		try (ReadableFile src = node.openReadable(); WritableByteChannel dst = Channels.newChannel(outputContext.getOutputStream())) {
															
 
																 			outputContext.setContentLength(src.size());
															
 
																 			ByteStreams.copy(src, dst);
															
--- a/main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/DavFileWithRange.java
+++ b/main/frontend-webdav/src/main/java/org/cryptomator/frontend/webdav/jackrabbitservlet/DavFileWithRange.java
@@ -59,6 +59,7 @@ class DavFileWithRange extends DavFile {
 
																 			outputContext.setProperty(HttpHeader.CONTENT_RANGE.asString(), contentRangeResponseHeader(range.getLeft(), range.getRight(), contentLength));
															
 
																 			outputContext.setContentType(CONTENT_TYPE_VALUE);
															
 
																 			outputContext.setProperty(CONTENT_DISPOSITION_HEADER, CONTENT_DISPOSITION_VALUE);
															
 
																+			outputContext.setProperty(X_CONTENT_TYPE_OPTIONS_HEADER, X_CONTENT_TYPE_OPTIONS_VALUE);
															
 
																 			src.position(range.getLeft());
															
 
																 			InputStream limitedIn = ByteStreams.limit(Channels.newInputStream(src), rangeLength);
															
 
																 			ByteStreams.copy(limitedIn, out);