| 123456789101112131415161718 |
- # The following directives force the content-type application/octet-stream
- # and force browsers to display a download dialog for non-image files.
- # This prevents the execution of script files in the context of the website:
- ForceType application/octet-stream
- Header set Content-Disposition attachment
- <FilesMatch "(?i)\.(gif|jpe?g|png)$">
- ForceType none
- Header unset Content-Disposition
- </FilesMatch>
- # The following directive prevents browsers from MIME-sniffing the content-type.
- # This is an important complement to the ForceType directive above:
- Header set X-Content-Type-Options nosniff
- # Uncomment the following lines to prevent unauthorized download of files:
- #AuthName "Authorization required"
- #AuthType Basic
- #require valid-user
|
