[webkit-dev] Adding 'X-Content-Type-Options: nosniff' support for scripts.

Adam Barth abarth at webkit.org
Wed Feb 6 10:19:01 PST 2013


We should check whether IE still have that behavior (i.e., in the
latest version of IE).  I remember them running into some
compatibility problems with that aspect of nosniff, and I'm not sure
if they resolved those issue via evangelism or by adopting our
behavior.

Adam


On Wed, Feb 6, 2013 at 1:33 AM, Mike West <mkwst at chromium.org> wrote:
> Continuing my trend of digging up old threads, I'd like to implement support
> for 'X-Content-Type-Options: nosniff' when processing script, as discussed
> way back in 2011:
> https://lists.webkit.org/pipermail/webkit-dev/2011-November/018557.html.
>
> This should be a pretty small patch[1], but because support might require
> work outside WebKit, I'll implement it behind an ENABLE_NOSNIFF flag[2].
>
> Thanks!
>
> [1]: https://bugs.webkit.org/show_bug.cgi?id=71851
> [2]: https://bugs.webkit.org/show_bug.cgi?id=109029
>
> -mike
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>


More information about the webkit-dev mailing list