From a2016a295332e24101307aca112a37f54689fa3d Mon Sep 17 00:00:00 2001
From: Tom Moulard <tom.moulard@traefik.io>
Date: Thu, 29 Dec 2022 09:46:04 +0100
Subject: [PATCH] Detect dashboard assets content types

Co-authored-by: Romain <rtribotte@users.noreply.github.com>
---
 pkg/api/dashboard/dashboard.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/api/dashboard/dashboard.go b/pkg/api/dashboard/dashboard.go
index 49f531f23..059917484 100644
--- a/pkg/api/dashboard/dashboard.go
+++ b/pkg/api/dashboard/dashboard.go
@@ -51,6 +51,11 @@ func (g Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// allow iframes from our domains only
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
 	w.Header().Set("Content-Security-Policy", "frame-src 'self' https://traefik.io https://*.traefik.io;")
+
+	// The content type must be guessed by the file server.
+	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+	w.Header().Del("Content-Type")
+
 	http.FileServer(http.FS(assets)).ServeHTTP(w, r)
 }