Only support inline display of PDFs for File Submission Questions
Submitted by Elmer van Chastelet on 12 March 2025 at 14:17

Add X-Content-Type-Options "nosniff" response header when serving submission file + only allow inline download for pdf-files.
Serve any other filetype as application/octet-stream, preventing browsers from “guessing” the MIME type of the file. This prevents file submissions with HTML/JS from getting executed by the browser.
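
The header policy described in this issue, sketched as an added example (not part of the original issue or the project's code). The function name `submission_headers`, the `%PDF-` leading-bytes check, the `attachment` disposition for non-PDFs and the filename sanitising are assumptions made for illustration.

```python
import re

PDF_MAGIC = b"%PDF-"  # every PDF file starts with this marker


def submission_headers(filename: str, content: bytes) -> dict:
    """Build response headers for serving one submitted file."""
    # Assumption: treat a file as PDF only when the extension AND the
    # leading bytes agree, so an HTML file renamed to .pdf is not inlined.
    is_pdf = filename.lower().endswith(".pdf") and content.startswith(PDF_MAGIC)

    # Keep only the last path component and replace characters that could
    # break out of the quoted filename parameter (quotes, semicolons, CR/LF).
    base = re.split(r"[\\/]", filename)[-1]
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"

    disposition = "inline" if is_pdf else "attachment"
    return {
        # Anything that is not a PDF is served as opaque bytes.
        "Content-Type": "application/pdf" if is_pdf else "application/octet-stream",
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        # Sent on every response so the browser never overrides Content-Type.
        "X-Content-Type-Options": "nosniff",
        "Content-Length": str(len(content)),
    }


if __name__ == "__main__":
    # Constructed sample submissions, not real data.
    samples = [
        ("report.pdf", b"%PDF-1.7\n1 0 obj\n"),
        ("page.html", b"<script>document.title='x'</script>"),
        ("fake.pdf", b"<html><body>not a pdf</body></html>"),
    ]
    for name, data in samples:
        print(name, submission_headers(name, data))
```
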