[Webkit-unassigned] [Bug 136452] Enable of X-Content-Type-Options: nosniff header, and remove #if guards
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 2 23:57:40 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=136452
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #237489|review?, commit-queue? |review-, commit-queue-
Flag| |
--- Comment #5 from Alexey Proskuryakov <ap at webkit.org> 2014-09-02 23:57:42 PST ---
(From update of attachment 237489)
View in context: https://bugs.webkit.org/attachment.cgi?id=237489&action=review
r- for not having any tests.
Also, looks like what this patch does is enable MIME type checking on scripts when the headers field is present. This doesn't appear to be part of the spec that Anne cited. Do other browsers actually do this? In particular, does Chrome still do this?
Actual nosniff support needs to be implemented by underlying networking libraries, and CFNetwork does implement it for Safari. Other platforms should probably do this at the same level.
> ChangeLog:3
> + Enable of X-Content-Type-Options: nosniff header, and remove #if guards.
As Ossy said, this is something that needs to be announced on webkit-dev.
But also, if we are to get a new feature, then we need tests for it.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list