WordPress.org

Make WordPress Core

Ticket #10671: admin-ajax.diff

File admin-ajax.diff, 470 bytes (added by niallkennedy, 6 years ago)

Admin ajax processor with sniff opt-out HTTP header.

  • admin-ajax.php

     
    1717require_once('../wp-load.php'); 
    1818require_once('includes/admin.php'); 
    1919@header('Content-Type: text/html; charset=' . get_option('blog_charset')); 
     20@header('X-Content-Type-Options: nosniff'); // assert MIME type, disabling content sniffing in supporting browsers 
    2021 
    2122do_action('admin_init'); 
    2223