[Webkit-unassigned] [Bug 171248] New: importScripts() should respect X-Content-Type-Options: nosniff
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 24 13:56:57 PDT 2017
https://bugs.webkit.org/show_bug.cgi?id=171248
Bug ID: 171248
Summary: importScripts() should respect X-Content-Type-Options:
nosniff
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
Depends on: 136452
Fetching a worker-imported script should respect the X-Content-Type-Options: nosniff header as such a fetch is ultimately a "main fetch" and according to "main fetch":
[[
17. If response is not a network error and any of the following algorithms returns blocked, then set response and internalResponse to a network error:
...
should internalResponse to request be blocked due to no sniff
]]
<https://fetch.spec.whatwg.org/#main-fetch> (30 March 2017)
This functionality is exercised by the Web Platform Test <https://trac.webkit.org/browser/trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html?rev=200195>.
Referenced Bugs:
https://bugs.webkit.org/show_bug.cgi?id=136452
[Bug 136452] [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170424/e2edbc59/attachment.html>
More information about the webkit-unassigned
mailing list