- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Thu, 20 Jan 2011 16:02:42 -0800
- To: "Steingruebl, Andy" <asteingruebl@paypal-inc.com>
- Cc: Brandon Sterne <bsterne@mozilla.com>, Adam Barth <w3c@adambarth.com>, "public-web-security@w3.org" <public-web-security@w3.org>, Sid Stamm <sid@mozilla.com>, Lucas Adamski <ladamski@mozilla.com>
> Not to nitpick on this bug too much, but regardless of the underlying parsing issue, shouldn't the browser refuse to load this resource when it gets returned with a 404 error code? Possibly, but IIRC, this does not happen today with <img>, <script>, etc. IIRC, Any codes other than 30x and 401 (and possibly other obscure cases) are essentially treated as 200. I suppose this is in line with the tradition of ignoring other HTTP information in these cases (Content-Type, Content-Disposition), although there are some efforts to improve at least that last part. /mz
Received on Friday, 21 January 2011 00:03:35 UTC