added 'x-content-type-options: nosniff' to avoid MSIE bug

arangod/GeneralServer/HttpCommTask.cpp

@@ -129,6 +129,10 @@ void HttpCommTask::addResponse(HttpResponse* response,
                                   StaticStrings::ExposedCorsHeaders);
   }
 
+  // use "IfNotSet"
+  response->setHeaderNCIfNotSet(StaticStrings::XContentTypeOptions,
+                                StaticStrings::NoSniff);
+
   // set "connection" header, keep-alive is the default
   response->setConnectionType(_closeRequested
                                   ? rest::ConnectionType::C_CLOSE

lib/Basics/StaticStrings.cpp

@@ -104,11 +104,13 @@ std::string const StaticStrings::HLCHeader("x-arango-hlc");
 std::string const StaticStrings::KeepAlive("Keep-Alive");
 std::string const StaticStrings::Location("location");
 std::string const StaticStrings::MultiPartContentType("multipart/form-data");
+std::string const StaticStrings::NoSniff("nosniff");
 std::string const StaticStrings::Origin("origin");
 std::string const StaticStrings::Queue("x-arango-queue");
 std::string const StaticStrings::Server("server");
 std::string const StaticStrings::StartThread("x-arango-start-thread");
-std::string const StaticStrings::WwwAuthenticate("www-authenticate");    
+std::string const StaticStrings::WwwAuthenticate("www-authenticate");
+std::string const StaticStrings::XContentTypeOptions("x-content-type-options");
 
 // mime types
 std::string const StaticStrings::MimeTypeJson(

lib/Basics/StaticStrings.h

@@ -100,11 +100,13 @@ class StaticStrings {
   static std::string const KeepAlive;
   static std::string const Location;
   static std::string const MultiPartContentType;
+  static std::string const NoSniff;
   static std::string const Origin;
   static std::string const Queue;
   static std::string const Server;
   static std::string const StartThread;
   static std::string const WwwAuthenticate;
+  static std::string const XContentTypeOptions;
 
   // mime types
   static std::string const MimeTypeJson;