tupali_fork/milfs/plugins/upload/server/php/files/.htaccess

# The following directives prevent the execution of script files
# in the context of the website.
# They also force the content-type application/octet-stream and
# force browsers to display a download dialog for non-image files.
SetHandler default-handler
ForceType application/octet-stream
Header set Content-Disposition attachment

# The following unsets the forced type and Content-Disposition headers
# for known image files:
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
	ForceType none
	Header unset Content-Disposition
</FilesMatch>

# The following directive prevents browsers from MIME-sniffing the content-type.
# This is an important complement to the ForceType directive above:
Header set X-Content-Type-Options nosniff

# Uncomment the following lines to prevent unauthorized download of files:
#AuthName "Authorization required"
#AuthType Basic
#require valid-user
Agregaro tupale PHP7 2016-10-29 15:07:15 +00:00			`# The following directives prevent the execution of script files`
			`# in the context of the website.`
			`# They also force the content-type application/octet-stream and`
			`# force browsers to display a download dialog for non-image files.`
			`SetHandler default-handler`
			`ForceType application/octet-stream`
			`Header set Content-Disposition attachment`

			`# The following unsets the forced type and Content-Disposition headers`
			`# for known image files:`
			`<FilesMatch "(?i)\.(gif\|jpe?g\|png)$">`
			`ForceType none`
			`Header unset Content-Disposition`
			`</FilesMatch>`

			`# The following directive prevents browsers from MIME-sniffing the content-type.`
			`# This is an important complement to the ForceType directive above:`
			`Header set X-Content-Type-Options nosniff`

			`# Uncomment the following lines to prevent unauthorized download of files:`
			`#AuthName "Authorization required"`
			`#AuthType Basic`
			`#require valid-user`