Skip to content

Set x-content-type-options for static content #3539

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 22, 2025
Merged

Set x-content-type-options for static content #3539

merged 3 commits into from
Aug 22, 2025

Conversation

rorymckinley
Copy link
Collaborator

Description

This adds the X-Content-Type-Options header to static pages.

Closes #3534

Validation steps

  • Start Lightning locally
  • cURL a static page - e.g. curl -i localhost:4000/robots.txt
  • You should see x-content-type-options: nosniff in the output

Additional notes for the reviewer

In 1924, two US aircraft completed the first circumnavigation of the world, after a journey that took 175 days. Other countries that made the attempt included the UK, France, Italy, Portugal and Argentina. Despite multiple crashes no participants were killed and the spirit of cooperation was notable with countries helping one another.

AI Usage

Please disclose how you've used AI in this work (it's cool, we just want to know!):

  • Code generation (copilot but not intellisense)
  • Learning or fact checking
  • Strategy / design
  • Optimisation / refactoring
  • Translation / spellchecking / doc gen
  • Other
  • I have not used AI

You can read more details in our Responsible AI Policy

Pre-submission checklist

  • I have performed a self-review of my code.
  • I have implemented and tested all related authorization policies. (e.g., :owner, :admin, :editor, :viewer)
  • I have updated the changelog.
  • I have ticked a box in "AI usage" in this PR

@github-project-automation github-project-automation bot moved this to New Issues in v2 Aug 20, 2025
@codecov Codecov
Copy link

codecov bot commented Aug 20, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.85%. Comparing base (1ba8621) to head (56318d4).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3539   +/-   ##
=======================================
  Coverage   89.85%   89.85%           
=======================================
  Files         380      380           
  Lines       15469    15469           
=======================================
+ Hits        13899    13900    +1     
+ Misses       1570     1569    -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@rorymckinley rorymckinley force-pushed the 3534-set-content-options branch from b0741d5 to 56318d4 Compare August 21, 2025 05:15
@rorymckinley rorymckinley self-assigned this Aug 21, 2025
@rorymckinley rorymckinley marked this pull request as ready for review August 21, 2025 05:32
elias-ba
elias-ba approved these changes Aug 21, 2025
View reviewed changes
Copy link
Contributor

@elias-ba elias-ba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jerejef, @rorymckinley

@midigofrank midigofrank merged commit ecbe7d0 into main Aug 22, 2025
0 of 6 checks passed
@midigofrank midigofrank deleted the 3534-set-content-options branch August 22, 2025 17:29
@github-project-automation github-project-automation bot moved this from New Issues to Done in v2 Aug 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@midigofrank midigofrank midigofrank approved these changes

@elias-ba elias-ba elias-ba approved these changes

Assignees

@rorymckinley rorymckinley

Labels
None yet
Projects
v2
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Set x-content-type-options header for static pages
3 participants
@rorymckinley @midigofrank @elias-ba