diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4845dd11f7..7febec5d83 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,9 @@ and this project adheres to
 
 ### Changed
 
+- Enable X-Content-Type-Options header for static pages.
+ [#3534](https://github.com/OpenFn/lightning/issues/3534)
+
 ### Fixed
 
 ## [v2.14.3-pre1] - 2025-08-22
diff --git a/lib/lightning_web/endpoint.ex b/lib/lightning_web/endpoint.ex
index 5ff8e5b0c2..a1f7409c15 100644
--- a/lib/lightning_web/endpoint.ex
+++ b/lib/lightning_web/endpoint.ex
@@ -36,7 +36,10 @@ defmodule LightningWeb.Endpoint do
 at: "/",
 from: :lightning,
 gzip: true,
- only: LightningWeb.static_paths()
+ only: LightningWeb.static_paths(),
+ headers: [
+ {"x-content-type-options", "nosniff"}
+ ]
 
 if Code.ensure_loaded?(Tidewave) do
 plug Tidewave
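Review bot: The new `headers:` entry in `lib/lightning_web/endpoint.ex` has no comment and no test visible in this diff, so nothing records why it is set or catches it being dropped in a later edit of the plug options. With `nosniff`, browsers refuse scripts and stylesheets whose `Content-Type` does not match. Every file under `LightningWeb.static_paths()` therefore needs an extension that resolves to the right MIME type, and anything unregistered would presumably be served as `application/octet-stream` and blocked. I would add a comment above the option such as `# nosniff: browsers must trust the Content-Type derived from the file extension; keep MIME types registered for every served asset` and an endpoint test that requests one static asset and asserts `get_resp_header(conn, "x-content-type-options") == ["nosniff"]`. The `plug Plug.Static` call starts above the hunk, so the remaining options were not reviewed here.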