diff options
Diffstat (limited to 'library/jqupload/server/php/files/.htaccess')
-rw-r--r-- | library/jqupload/server/php/files/.htaccess | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/library/jqupload/server/php/files/.htaccess b/library/jqupload/server/php/files/.htaccess new file mode 100644 index 000000000..56689f0bb --- /dev/null +++ b/library/jqupload/server/php/files/.htaccess @@ -0,0 +1,18 @@ +# The following directives force the content-type application/octet-stream +# and force browsers to display a download dialog for non-image files. +# This prevents the execution of script files in the context of the website: +ForceType application/octet-stream +Header set Content-Disposition attachment +<FilesMatch "(?i)\.(gif|jpe?g|png)$"> + ForceType none + Header unset Content-Disposition +</FilesMatch> + +# The following directive prevents browsers from MIME-sniffing the content-type. +# This is an important complement to the ForceType directive above: +Header set X-Content-Type-Options nosniff + +# Uncomment the following lines to prevent unauthorized download of files: +#AuthName "Authorization required" +#AuthType Basic +#require valid-user |