From c044786e2fd9a1cb52cb138bc2f3d64b9426fac2 Mon Sep 17 00:00:00 2001
From: Emily Stark
Date: Thu, 8 May 2014 08:45:54 -0700
Subject: [PATCH] nim, glasser comments
---
 packages/browser-policy-content/browser-policy-content.js | 1 +
 packages/browser-policy/browser-policy-test.js | 1 +
 packages/webapp/webapp_server.js | 2 +-
 packages/webapp/webapp_tests.js | 2 +-
 4 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/packages/browser-policy-content/browser-policy-content.js b/packages/browser-policy-content/browser-policy-content.js
index 8550504e91..157b164218 100644
--- a/packages/browser-policy-content/browser-policy-content.js
+++ b/packages/browser-policy-content/browser-policy-content.js
@@ -132,6 +132,7 @@ var setDefaultPolicy = function () {
 "connect-src *; " +
 "img-src data: 'self'; " +
 "style-src 'self' 'unsafe-inline';");
+ contentSniffingAllowed = false;
 };
 var setWebAppInlineScripts = function (value) {
diff --git a/packages/browser-policy/browser-policy-test.js b/packages/browser-policy/browser-policy-test.js
index 2f5bcb604c..1a2ed512bd 100644
--- a/packages/browser-policy/browser-policy-test.js
+++ b/packages/browser-policy/browser-policy-test.js
@@ -153,6 +153,7 @@ Tinytest.add("browser-policy - x-frame-options", function (test) {
 });
 Tinytest.add("browser-policy - X-Content-Type-Options", function (test) {
+ BrowserPolicy.content._reset();
 test.equal(BrowserPolicy.content._xContentTypeOptions(), "nosniff");
 BrowserPolicy.content.allowContentTypeSniffing();
 test.equal(BrowserPolicy.content._xContentTypeOptions(), undefined);
diff --git a/packages/webapp/webapp_server.js b/packages/webapp/webapp_server.js
index 1c802a9d90..5b2429cefd 100644
--- a/packages/webapp/webapp_server.js
+++ b/packages/webapp/webapp_server.js
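Review bot: In the `setDefaultPolicy` hunk of browser-policy-content.js, the added `contentSniffingAllowed = false;` gives a function that otherwise only builds the CSP string a second, undocumented effect: it switches the no-sniff default back on and discards any earlier `allowContentTypeSniffing()` call. The test in browser-policy-test.js shows `_xContentTypeOptions()` returning "nosniff" after `_reset()`, presumably through this path. I would add a comment above the assignment, for example `// Restoring the default policy also restores X-Content-Type-Options: nosniff.`, so callers know the reset is not limited to CSP. The function's opening lines and any header comment are outside the hunk, so that comment may need the same update.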
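Review bot: In the X-Content-Type-Options test of browser-policy-test.js, the added `BrowserPolicy.content._reset();` fixes the starting state, but the last visible step leaves sniffing allowed, so a test that runs afterwards inherits the weakened header unless it resets too. Unless the lines after the hunk already do it, end the test with `BrowserPolicy.content._reset();` followed by `test.equal(BrowserPolicy.content._xContentTypeOptions(), "nosniff");`, which would also exercise the new reset in `setDefaultPolicy`. The test body continues past the hunk, so this is inferred from the visible lines only.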
@@ -408,7 +408,7 @@ var runWebAppServer = function () {
 res.setHeader('X-SourceMap', info.sourceMapUrl);
 if (info.type === "js") {
- res.setHeader("Content-Type", "text/javascript; charset=UTF-8");
+ res.setHeader("Content-Type", "application/javascript; charset=UTF-8");
 } else if (info.type === "css") {
 res.setHeader("Content-Type", "text/css; charset=UTF-8");
 }
diff --git a/packages/webapp/webapp_tests.js b/packages/webapp/webapp_tests.js
index f4555898e3..1f555c362c 100644
--- a/packages/webapp/webapp_tests.js
+++ b/packages/webapp/webapp_tests.js
@@ -19,5 +19,5 @@ Tinytest.add("webapp - content-type header", function (test) {
 "text/css; charset=utf-8");
 resp = HTTP.get(url.resolve(Meteor.absoluteUrl(), jsResource));
 test.equal(resp.headers["content-type"].toLowerCase(),
- "text/javascript; charset=utf-8");
+ "application/javascript; charset=utf-8");
 });
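Review bot: In the webapp_server.js hunk the `if`/`else if` on `info.type` has no final branch, so a static resource whose type is neither "js" nor "css" gets no Content-Type from this block. When the `X-Content-Type-Options: nosniff` default from browser-policy is active, the browser will not guess a type for such a response, so the header has to be correct at the origin. If the code after the hunk does not set it, consider an explicit fallback, or at least a comment above the `if` stating where the header is set for other resource types. `runWebAppServer` starts and ends outside the hunk, so the later handling is not visible here.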