[webkit-reviews] review denied: [Bug 136452] Enable of X-Content-Type-Options: nosniff header, and remove #if guards : [Attachment 237489] Proposed patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 2 23:57:36 PDT 2014
Alexey Proskuryakov <ap at webkit.org> has denied Nagy Renátó
<nagy.renato at stud.u-szeged.hu>'s request for review:
Bug 136452: Enable of X-Content-Type-Options: nosniff header, and remove #if
guards
https://bugs.webkit.org/show_bug.cgi?id=136452
Attachment 237489: Proposed patch
https://bugs.webkit.org/attachment.cgi?id=237489&action=review
------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=237489&action=review
r- for not having any tests.
Also, looks like what this patch does is enable MIME type checking on scripts
when the headers field is present. This doesn't appear to be part of the spec
that Anne cited. Do other browsers actually do this? In particular, does Chrome
still do this?
Actual nosniff support needs to be implemented by underlying networking
libraries, and CFNetwork does implement it for Safari. Other platforms should
probably do this at the same level.
> ChangeLog:3
> + Enable of X-Content-Type-Options: nosniff header, and remove #if
guards.
As Ossy said, this is something that needs to be announced on webkit-dev.
But also, if we are to get a new feature, then we need tests for it.
More information about the webkit-reviews
mailing list