[webkit-dev] Adding 'X-Content-Type-Options: nosniff' support for scripts.
Adam Barth
abarth at webkit.org
Wed Feb 6 10:19:01 PST 2013
We should check whether IE still have that behavior (i.e., in the
latest version of IE). I remember them running into some
compatibility problems with that aspect of nosniff, and I'm not sure
if they resolved those issue via evangelism or by adopting our
behavior.
Adam
On Wed, Feb 6, 2013 at 1:33 AM, Mike West <mkwst at chromium.org> wrote:
> Continuing my trend of digging up old threads, I'd like to implement support
> for 'X-Content-Type-Options: nosniff' when processing script, as discussed
> way back in 2011:
> https://lists.webkit.org/pipermail/webkit-dev/2011-November/018557.html.
>
> This should be a pretty small patch[1], but because support might require
> work outside WebKit, I'll implement it behind an ENABLE_NOSNIFF flag[2].
>
> Thanks!
>
> [1]: https://bugs.webkit.org/show_bug.cgi?id=71851
> [2]: https://bugs.webkit.org/show_bug.cgi?id=109029
>
> -mike
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
More information about the webkit-dev
mailing list