From b8681524f3af0e72f3a6a90e93a0bcaffece30a9 Mon Sep 17 00:00:00 2001
From: Azareal <azareal@users.noreply.github.com>
Date: Mon, 6 Aug 2018 12:36:24 +1000
Subject: [PATCH] Added a mitigation for polyglot attacks. .panel_floater is
 now floated to the right on Nox.

---
 common/routes_common.go     | 1 +
 themes/nox/public/panel.css | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/common/routes_common.go b/common/routes_common.go
index 3a48734c..1702a19f 100644
--- a/common/routes_common.go
+++ b/common/routes_common.go
@@ -293,6 +293,7 @@ func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) {
 	h.Set("X-Frame-Options", "deny")
 	h.Set("X-XSS-Protection", "1; mode=block") // TODO: Remove when we add a CSP? CSP's are horrendously glitchy things, tread with caution before removing
 	// TODO: Set the content policy header
+	h.Set("X-Content-Type-Options", "nosniff")
 
 	return *usercpy, true
 }
diff --git a/themes/nox/public/panel.css b/themes/nox/public/panel.css
index d76ae280..b8d10c4e 100644
--- a/themes/nox/public/panel.css
+++ b/themes/nox/public/panel.css
@@ -83,7 +83,7 @@
 	padding: 12px;
 }
 
-.to_right, .panel_buttons {
+.to_right, .panel_buttons, .panel_floater {
 	margin-left: auto;
 }