From 98773c1a8a2eb2e12fbcf1a08fc97e6802f45210 Mon Sep 17 00:00:00 2001
From: Min RK
Date: Fri, 18 Jan 2019 10:45:50 +0100
Subject: [PATCH] Set X-Content-Options: nosniff on all handlers for XSSI protections of non-script content
---
 notebook/base/handlers.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/notebook/base/handlers.py b/notebook/base/handlers.py
index c5fd8be58..cac040f06 100755
--- a/notebook/base/handlers.py
+++ b/notebook/base/handlers.py
@@ -82,6 +82,7 @@ class AuthenticatedHandler(web.RequestHandler):
 def set_default_headers(self):
 headers = {}
+ headers["X-Content-Type-Options"] = "nosniff"
 headers.update(self.settings.get('headers', {}))
 headers["Content-Security-Policy"] = self.content_security_policy
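Review bot: The added `headers["X-Content-Type-Options"] = "nosniff"` line sits before `headers.update(self.settings.get('headers', {}))`, so a `headers` setting that carries its own `X-Content-Type-Options` value replaces the default without any notice; if that override is intended, say so with a comment above the line such as `# default only: a 'headers' setting may override this`, otherwise move the assignment below the `update()` call, as is done for `Content-Security-Policy`. The header reaches only handlers that inherit this method, so the subject's "all handlers" presumably holds only if every handler, static file handlers included, derives from `AuthenticatedHandler` and does not replace `set_default_headers`; that is worth confirming outside this hunk. With `nosniff` in force, browsers refuse scripts and stylesheets served with a wrong or missing `Content-Type`, so a test that asserts the header on a response and checks the MIME types of served assets would be a useful companion; the diffstat shows only the one-line change. `set_default_headers` continues past the end of the hunk.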