X-Git-Url: https://gitweb.ps.run/ps-cgit/blobdiff_plain/509488d85c06c66eb65bc4809f6e317c1ebe1d7a..46ff6e1993175057a18b14980696648a1c5e87ab:/ui-blob.c

diff --git a/ui-blob.c b/ui-blob.c
index d3c3a10..d388489 100644
--- a/ui-blob.c
+++ b/ui-blob.c
@@ -99,6 +99,7 @@ int cgit_print_file(char *path, const char *head, int file_only)
 		return -1;
 	buf[size] = '\0';
 	html_raw(buf, size);
+	free(buf);
 	return 0;
 }
 
@@ -160,14 +161,15 @@ void cgit_print_blob(const char *hex, char *path, const char *head, int file_onl
 	}
 
 	buf[size] = '\0';
-	ctx.page.mimetype = ctx.qry.mimetype;
-	if (!ctx.page.mimetype) {
-		if (buffer_is_binary(buf, size))
-			ctx.page.mimetype = "application/octet-stream";
-		else
-			ctx.page.mimetype = "text/plain";
-	}
+	if (buffer_is_binary(buf, size))
+		ctx.page.mimetype = "application/octet-stream";
+	else
+		ctx.page.mimetype = "text/plain";
 	ctx.page.filename = path;
+
+	html("X-Content-Type-Options: nosniff\n");
+	html("Content-Security-Policy: default-src 'none'\n");
 	cgit_print_http_headers();
 	html_raw(buf, size);
+	free(buf);
 }