From be5f9b6f98cece95c519802bf4c2328f7fc59ea7 Mon Sep 17 00:00:00 2001
From: Merijn Geurts <merijn_geurts@hotmail.com>
Date: Mon, 6 Feb 2023 17:22:54 +0100
Subject: [PATCH] Performance: remove double nosniff header

---
 .../Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs    | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
index 0245cf11bc..37c18f6b70 100644
--- a/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
+++ b/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/AbpSecurityHeadersMiddleware.cs
@@ -28,9 +28,6 @@ public class AbpSecurityHeadersMiddleware : IMiddleware, ITransientDependency
         /*The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. SAMEORIGIN makes it being displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain*/
         AddHeaderIfNotExists(context, "X-Frame-Options", "SAMEORIGIN");
 
-        /*The X-Content-Type-Options response HTTP header is a marker used by the server to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. The header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.*/
-        AddHeaderIfNotExists(context, "X-Content-Type-Options", "nosniff");
-
         if (Options.Value.UseContentSecurityPolicyHeader)
         {
             AddHeaderIfNotExists(context, "Content-Security-Policy",