[Webkit-unassigned] [Bug 171248] New: importScripts() should respect X-Content-Type-Options: nosniff

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 24 13:56:57 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=171248

            Bug ID: 171248
           Summary: importScripts() should respect X-Content-Type-Options:
                    nosniff
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
        Depends on: 136452

Fetching a worker-imported script should respect the X-Content-Type-Options: nosniff header as such a fetch is ultimately a "main fetch" and according to "main fetch":

[[
17. If response is not a network error and any of the following algorithms returns blocked, then set response and internalResponse to a network error:

...
should internalResponse to request be blocked due to no sniff
]]
<https://fetch.spec.whatwg.org/#main-fetch> (30 March 2017)

This functionality is exercised by the Web Platform Test <https://trac.webkit.org/browser/trunk/LayoutTests/imported/w3c/web-platform-tests/fetch/nosniff/importscripts.html?rev=200195>.


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=136452
[Bug 136452] [Cocoa][Win] Enable of X-Content-Type-Options: nosniff header
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170424/e2edbc59/attachment.html>


More information about the webkit-unassigned mailing list