From e8b69bd53ca90125c27883160d164906f7ff6156 Mon Sep 17 00:00:00 2001 From: Lukas Bestle Date: Sat, 22 Jul 2023 22:01:04 +0200 Subject: [PATCH] Update .htaccess --- .htaccess | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.htaccess b/.htaccess index 06584dca..5fe5c710 100644 --- a/.htaccess +++ b/.htaccess @@ -1,5 +1,5 @@ # Kirby .htaccess -# revision 2022-09-15 +# revision 2023-07-22 # rewrite rules @@ -55,3 +55,13 @@ AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript + +# set security headers in all responses + + +# serve files as plain text if the actual content type is not known +# (hardens against attacks from malicious file uploads) +Header set Content-Type "text/plain" "expr=-z %{CONTENT_TYPE}" +Header set X-Content-Type-Options "nosniff" + +
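Review bot: The comment on the new block promises headers "in all responses", but both `Header set` lines in the second hunk use mod_headers' default `onsuccess` table, so responses Apache generates itself for errors and redirects would not carry `X-Content-Type-Options`. If that coverage is intended, `Header always set X-Content-Type-Options "nosniff"` is the usual form; otherwise the comment should say it covers successful responses only. The `expr=` condition on the `Content-Type` line relies on the Apache 2.4 expression parser, and a directive the server cannot parse in `.htaccess` fails every request, so the required server version deserves a line in the comment. The two bare `+` lines around the directives look like a stripped wrapper (presumably `<IfModule>`); if so, the upload hardening is silently absent wherever mod_headers is not loaded, which is worth stating next to the "hardens against attacks" claim.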